Today Talos is making the first of a number of additions to the max-detect policy to make it a heavily detection focused policy. As such, performance will be impacted if this policy is enabled and it is highly recommended that users test this policy’s performance before deploying it in production environments.
Talos has added and modified multiple rules in the app-detect, browser-chrome, browser-firefox, browser-ie, browser-other, browser-webkit, content-replace, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, indicator-shellcode, malware-backdoor, malware-cnc, malware-other, malware-tools, netbios, os-linux, os-mobile, os-other, os-solaris, os-windows, policy-multimedia, policy-other, policy-social, policy-spam, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-nntp, protocol-other, protocol-pop, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-telnet, protocol-tftp, protocol-voip, pua-adware, pua-other, pua-p2p, pua-toolbars, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules) * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)
* 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules) * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules) * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules) * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules) * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules) * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules) * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules) * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules) * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules) * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules) * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules) * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules) * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules) * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules) * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules) * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules) * 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (server-iis.rules) * 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules) * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules) * 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules) * 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules) * 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules) * 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules) * 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules) * 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules) * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules) * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules) * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules) * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules) * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (server-mysql.rules) * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules) * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules) * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules) * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules) * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules) * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (server-mysql.rules) * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules) * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules) * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules) * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules) * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules) * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules) * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules) * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules) * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules) * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules) * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules) * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules) * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules) * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules) * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules) * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules) * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules) * 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules) * 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules) * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules) * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules) * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules) * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules) * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules) * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules) * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules) * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules) * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules) * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules) * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules) * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules) * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules) * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules) * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules) * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules) * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules) * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules) * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules) * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (policy-spam.rules) * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules) * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules) * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules) * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules) * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules) * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules) * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules) * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules) * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules) * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules) * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules) * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules) * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules) * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules) * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules) * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules) * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules) * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (policy-spam.rules) * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules) * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules) * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules) * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules) * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules) * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules) * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules) * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules) * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules) * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules) * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules) * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules) * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules) * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules) * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules) * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules) * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules) * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules) * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules) * 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (policy-spam.rules) * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules) * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules) * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules) * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules) * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules) * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules) * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules) * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules) * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules) * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules) * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules) * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules) * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules) * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules) * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules) * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules) * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules) * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules) * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules) * 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules) * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules) * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules) * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules) * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules) * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules) * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules) * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules) * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules) * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules) * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules) * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules) * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules) * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules) * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules) * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules) * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules) * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules) * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known spam email attempt (policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (app-detect.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (os-windows.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules) * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules) * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules) * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules) * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules) * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules) * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules) * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules) * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules) * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules) * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules) * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules) * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules) * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules) * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules) * 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (server-apache.rules) * 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (server-apache.rules) * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules) * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules) * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (os-windows.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules) * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules) * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules) * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules) * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules) * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules) * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules) * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules) * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules) * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules) * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules) * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules) * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules) * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules) * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules) * 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules) * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules) * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules) * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules) * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules) * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules) * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules) * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules) * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules) * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules) * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules) * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules) * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules) * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules) * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules) * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules) * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules) * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules) * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules) * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules) * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules) * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules) * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules) * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules) * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules) * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules) * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules) * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules) * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules) * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules) * 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules) * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules) * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules) * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules) * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules) * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules) * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules) * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules) * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules) * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules) * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules) * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules) * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules) * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules) * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules) * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules) * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules) * 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (malware-other.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (malware-other.rules) * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules) * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules) * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules) * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules) * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules) * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules) * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules) * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules) * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules) * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules) * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules) * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules) * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules) * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules) * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules) * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules) * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules) * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules) * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules) * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules) * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules) * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules) * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules) * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules) * 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules) * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules) * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules) * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules) * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules) * 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules) * 1:12626 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules) * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules) * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules) * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules) * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules) * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules) * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules) * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules) * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules) * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules) * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules) * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules) * 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules) * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules) * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules) * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules) * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules) * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules) * 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules) * 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules) * 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules) * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules) * 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules) * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules) * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules) * 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules) * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules) * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules) * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules) * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules) * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules) * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules) * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules) * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules) * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules) * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules) * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules) * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules) * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules) * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules) * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules) * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules) * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules) * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules) * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (pua-adware.rules) * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules) * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules) * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules) * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules) * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules) * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules) * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules) * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules) * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules) * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules) * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules) * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules) * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules) * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules) * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules) * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules) * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules) * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules) * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (pua-adware.rules) * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules) * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules) * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules) * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules) * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules) * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules) * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules) * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules) * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules) * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules) * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules) * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules) * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules) * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules) * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules) * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules) * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules) * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules) * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (pua-adware.rules) * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (pua-adware.rules) * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (pua-adware.rules) * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (pua-adware.rules) * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules) * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules) * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (malware-other.rules) * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (malware-other.rules) * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (os-windows.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules) * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules) * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules) * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules) * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (pua-adware.rules) * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules) * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (malware-other.rules) * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules) * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules) * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (pua-adware.rules) * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (pua-adware.rules) * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (pua-adware.rules) * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (pua-adware.rules) * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (pua-adware.rules) * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (malware-other.rules) * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (pua-adware.rules) * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (pua-adware.rules) * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules) * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules) * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (policy-other.rules) * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (policy-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules) * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules) * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules) * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules) * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules) * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules) * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules) * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules) * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules) * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules) * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules) * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules) * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules) * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules) * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules) * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules) * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules) * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules) * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules) * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules) * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules) * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules) * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules) * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules) * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules) * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules) * 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules) * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules) * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules) * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules) * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules) * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules) * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules) * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules) * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules) * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules) * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules) * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules) * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules) * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules) * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules) * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules) * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules) * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules) * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules) * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules) * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules) * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules) * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules) * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules) * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules) * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules) * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules) * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules) * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules) * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules) * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules) * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules) * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules) * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules) * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules) * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules) * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules) * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules) * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules) * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules) * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules) * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules) * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules) * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules) * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules) * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules) * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules) * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules) * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules) * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules) * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules) * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (protocol-scada.rules) * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules) * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules) * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules) * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules) * 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules) * 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules) * 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules) * 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules) * 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules) * 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules) * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules) * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules) * 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules) * 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules) * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules) * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules) * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules) * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15363 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules) * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (os-windows.rules) * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules) * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules) * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules) * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules) * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules) * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules) * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules) * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules) * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules) * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules) * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules) * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules) * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules) * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules) * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules) * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules) * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules) * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules) * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules) * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules) * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules) * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules) * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules) * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (file-pdf.rules) * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules) * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules) * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (server-other.rules) * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules) * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules) * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules) * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules) * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules) * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules) * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules) * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules) * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules) * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules) * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules) * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules) * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules) * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules) * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules) * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules) * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules) * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules) * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules) * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules) * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules) * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules) * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules) * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules) * 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules) * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules) * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules) * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules) * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules) * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules) * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules) * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules) * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules) * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules) * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules) * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules) * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules) * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules) * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules) * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules) * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules) * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules) * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules) * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules) * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules) * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules) * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules) * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules) * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules) * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules) * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules) * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules) * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules) * 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules) * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules) * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules) * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules) * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules) * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules) * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules) * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules) * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules) * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules) * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules) * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules) * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules) * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules) * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules) * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules) * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules) * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules) * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules) * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules) * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules) * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules) * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules) * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules) * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules) * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules) * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules) * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (server-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules) * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules) * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules) * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules) * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules) * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules) * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (exploit-kit.rules) * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules) * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules) * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules) * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:23161 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules) * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (indicator-compromise.rules) * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules) * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules) * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (indicator-obfuscation.rules) * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules) * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (pua-adware.rules) * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (pua-adware.rules) * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (file-office.rules) * 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (file-office.rules) * 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (malware-backdoor.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules) * 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules) * 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (pua-adware.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules) * 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (os-windows.rules) * 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (server-mail.rules) * 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (indicator-compromise.rules) * 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (indicator-compromise.rules) * 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (indicator-compromise.rules) * 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (browser-firefox.rules) * 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (browser-chrome.rules) * 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (indicator-obfuscation.rules) * 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (indicator-obfuscation.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (file-other.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules) * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules) * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules) * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules) * 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (malware-other.rules) * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules) * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules) * 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (browser-firefox.rules) * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules) * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (malware-other.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (indicator-compromise.rules) * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (indicator-compromise.rules) * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (malware-other.rules) * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (os-windows.rules) * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules) * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23884 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23919 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (sql.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules) * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules) * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules) * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules) * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules) * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules) * 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules) * 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules) * 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules) * 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules) * 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules) * 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules) * 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules) * 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules) * 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules) * 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules) * 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules) * 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules) * 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules) * 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules) * 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules) * 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules) * 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules) * 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules) * 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules) * 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules) * 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules) * 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules) * 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules) * 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules) * 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules) * 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules) * 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules) * 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules) * 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules) * 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules) * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules) * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules) * 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules) * 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules) * 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules) * 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules) * 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules) * 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules) * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules) * 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules) * 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules) * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules) * 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules) * 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules) * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules) * 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules) * 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules) * 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules) * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules) * 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules) * 1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules) * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules) * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules) * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules) * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules) * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules) * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules) * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules) * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules) * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules) * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules) * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules) * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules) * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules) * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules) * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules) * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules) * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules) * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules) * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules) * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules) * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules) * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules) * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules) * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules) * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules) * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules) * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules) * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules) * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules) * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules) * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules) * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules) * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules) * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules) * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules) * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules) * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules) * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules) * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules) * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules) * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules) * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules) * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules) * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules) * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules) * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules) * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules) * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (file-identify.rules) * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules) * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules) * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules) * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules) * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules) * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules) * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules) * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules) * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules) * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules) * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules) * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules) * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules) * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules) * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules) * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules) * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules) * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules) * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ActionIf integer overflow attempt (file-flash.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19015 <-> DISABLED <-> POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules) * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules) * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules) * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules) * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules) * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules) * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules) * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules) * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules) * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules) * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules) * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules) * 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules) * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules) * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules) * 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules) * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules) * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules) * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules) * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules) * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules) * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules) * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules) * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules) * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules) * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (server-other.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption attempt (file-other.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules) * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules) * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (netbios.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules) * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules) * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules) * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules) * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules) * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules) * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules) * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules) * 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (file-flash.rules) * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (server-mysql.rules) * 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (server-other.rules) * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules) * 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules) * 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (file-image.rules) * 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules) * 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (server-other.rules) * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules) * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules) * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules) * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules) * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules) * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules) * 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (pua-adware.rules) * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules) * 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (pua-adware.rules) * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules) * 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (os-windows.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules) * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules) * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules) * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (file-pdf.rules) * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules) * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules) * 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules) * 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules) * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (file-pdf.rules) * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules) * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules) * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules) * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (file-pdf.rules) * 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (server-oracle.rules) * 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (file-pdf.rules) * 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules) * 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (file-flash.rules) * 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (file-flash.rules) * 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt (file-flash.rules) * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules) * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules) * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules) * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules) * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules) * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules) * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules) * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules) * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules) * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules) * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules) * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (indicator-shellcode.rules) * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules) * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules) * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (file-flash.rules) * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (file-flash.rules) * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules) * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules) * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules) * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules) * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules) * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (server-other.rules) * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (os-windows.rules) * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (os-windows.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (file-executable.rules) * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (os-windows.rules) * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (os-windows.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules) * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules) * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (browser-other.rules) * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules) * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (os-windows.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (file-flash.rules) * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (file-flash.rules) * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (file-flash.rules) * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (file-flash.rules) * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (file-flash.rules) * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (file-flash.rules) * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules) * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (file-flash.rules) * 1:20557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (file-flash.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (file-flash.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (file-flash.rules) * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (file-flash.rules) * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules) * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules) * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules) * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (server-oracle.rules) * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules) * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules) * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (os-windows.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules) * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (file-flash.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules) * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules) * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules) * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (pua-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules) * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules) * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules) * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules) * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (server-iis.rules) * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules) * 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (file-office.rules) * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (browser-firefox.rules) * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules) * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules) * 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (browser-webkit.rules) * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules) * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules) * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules) * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (browser-other.rules) * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules) * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (server-apache.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules) * 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (file-office.rules) * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (file-pdf.rules) * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (file-pdf.rules) * 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules) * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules) * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (browser-webkit.rules) * 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (file-pdf.rules) * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules) * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (server-apache.rules) * 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (file-multimedia.rules) * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (os-windows.rules) * 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (os-windows.rules) * 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (malware-tools.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules) * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules) * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (indicator-compromise.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (exploit-kit.rules) * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules) * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules) * 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules) * 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (file-flash.rules) * 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31678 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules) * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules) * 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules) * 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules) * 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules) * 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (server-other.rules) * 1:31732 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (exploit-kit.rules) * 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (server-other.rules) * 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (malware-backdoor.rules) * 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (server-other.rules) * 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (server-other.rules) * 1:31769 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (exploit-kit.rules) * 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (exploit-kit.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (malware-other.rules) * 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31840 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell security information display (indicator-compromise.rules) * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (indicator-compromise.rules) * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (indicator-compromise.rules) * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (indicator-compromise.rules) * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (indicator-compromise.rules) * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (indicator-compromise.rules) * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (indicator-compromise.rules) * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (indicator-compromise.rules) * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (indicator-compromise.rules) * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security information page (indicator-compromise.rules) * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (indicator-compromise.rules) * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (indicator-compromise.rules) * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (indicator-compromise.rules) * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (indicator-compromise.rules) * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (indicator-compromise.rules) * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (indicator-compromise.rules) * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules) * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules) * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https spoofing attempt (browser-chrome.rules) * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules) * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (file-executable.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules) * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (browser-webkit.rules) * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules) * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules) * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (malware-other.rules) * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (malware-other.rules) * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules) * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (os-windows.rules) * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules) * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules) * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules) * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for version.dll over SMB attempt (file-other.rules) * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (file-flash.rules) * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (file-flash.rules) * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-other.rules) * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (file-flash.rules) * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (file-flash.rules) * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (server-apache.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (server-apache.rules) * 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules) * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules) * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules) * 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (browser-firefox.rules) * 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules) * 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules) * 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (browser-other.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules) * 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules) * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules) * 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (browser-chrome.rules) * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules) * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules) * 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (app-detect.rules) * 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (file-other.rules) * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules) * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules) * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules) * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules) * 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (exploit-kit.rules) * 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (exploit-kit.rules) * 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (malware-backdoor.rules) * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules) * 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (server-apache.rules) * 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules) * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules) * 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (malware-backdoor.rules) * 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules) * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules) * 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules) * 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules) * 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules) * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules) * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules) * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules) * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules) * 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules) * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (policy-spam.rules) * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules) * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules) * 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (pua-adware.rules) * 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (pua-adware.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules) * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules) * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules) * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (exploit-kit.rules) * 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules) * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules) * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules) * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules) * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21789 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules) * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (malware-other.rules) * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (server-apache.rules) * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (pua-adware.rules) * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules) * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (indicator-compromise.rules) * 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (malware-other.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules) * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules) * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules) * 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules) * 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (malware-backdoor.rules) * 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules) * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules) * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules) * 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (malware-other.rules) * 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (indicator-obfuscation.rules) * 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (indicator-obfuscation.rules) * 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (os-windows.rules) * 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (os-windows.rules) * 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (malware-backdoor.rules) * 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (indicator-compromise.rules) * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules) * 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules) * 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (indicator-compromise.rules) * 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (indicator-compromise.rules) * 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (file-pdf.rules) * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (browser-firefox.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules) * 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (indicator-obfuscation.rules) * 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (indicator-obfuscation.rules) * 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval (indicator-obfuscation.rules) * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (indicator-obfuscation.rules) * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (indicator-obfuscation.rules) * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (server-iis.rules) * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (indicator-obfuscation.rules) * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules) * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (server-other.rules) * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (server-other.rules) * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (server-other.rules) * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (indicator-obfuscation.rules) * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules) * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (exploit-kit.rules) * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules) * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (malware-backdoor.rules) * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (server-apache.rules) * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (malware-other.rules) * 1:29926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:29938 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (server-other.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules) * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (server-other.rules) * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (server-other.rules) * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (protocol-scada.rules) * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules) * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (protocol-scada.rules) * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (protocol-scada.rules) * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (pua-adware.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules) * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (exploit-kit.rules) * 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (malware-other.rules) * 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (malware-other.rules) * 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (app-detect.rules) * 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (server-mail.rules) * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (indicator-shellcode.rules) * 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (indicator-shellcode.rules) * 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (indicator-shellcode.rules) * 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (pua-adware.rules) * 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (pua-adware.rules) * 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (browser-chrome.rules) * 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (app-detect.rules) * 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (app-detect.rules) * 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (malware-other.rules) * 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (malware-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules) * 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (exploit-kit.rules) * 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (malware-other.rules) * 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (os-linux.rules) * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (server-other.rules) * 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (server-other.rules) * 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (server-other.rules) * 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (indicator-shellcode.rules) * 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (indicator-shellcode.rules) * 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (indicator-shellcode.rules) * 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (indicator-shellcode.rules) * 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (indicator-shellcode.rules) * 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (indicator-shellcode.rules) * 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (indicator-shellcode.rules) * 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (indicator-shellcode.rules) * 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (indicator-shellcode.rules) * 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (indicator-shellcode.rules) * 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (indicator-shellcode.rules) * 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (indicator-shellcode.rules) * 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (indicator-shellcode.rules) * 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (indicator-shellcode.rules) * 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (indicator-shellcode.rules) * 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (indicator-shellcode.rules) * 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (indicator-shellcode.rules) * 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (indicator-shellcode.rules) * 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (indicator-shellcode.rules) * 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (indicator-shellcode.rules) * 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (indicator-shellcode.rules) * 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (indicator-shellcode.rules) * 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (indicator-shellcode.rules) * 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (indicator-shellcode.rules) * 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (indicator-shellcode.rules) * 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (indicator-shellcode.rules) * 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (indicator-shellcode.rules) * 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (indicator-shellcode.rules) * 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (indicator-shellcode.rules) * 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (indicator-shellcode.rules) * 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (indicator-shellcode.rules) * 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (indicator-shellcode.rules) * 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (indicator-shellcode.rules) * 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (indicator-shellcode.rules) * 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (indicator-shellcode.rules) * 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (indicator-shellcode.rules) * 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (indicator-shellcode.rules) * 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (indicator-shellcode.rules) * 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (indicator-shellcode.rules) * 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (indicator-shellcode.rules) * 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (indicator-shellcode.rules) * 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (indicator-shellcode.rules) * 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (indicator-shellcode.rules) * 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (indicator-shellcode.rules) * 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (indicator-shellcode.rules) * 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (indicator-shellcode.rules) * 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (indicator-shellcode.rules) * 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (indicator-shellcode.rules) * 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (indicator-shellcode.rules) * 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (indicator-shellcode.rules) * 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (indicator-shellcode.rules) * 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (indicator-shellcode.rules) * 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (indicator-shellcode.rules) * 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (indicator-shellcode.rules) * 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (indicator-shellcode.rules) * 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (indicator-shellcode.rules) * 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (indicator-shellcode.rules) * 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (indicator-shellcode.rules) * 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (indicator-shellcode.rules) * 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (indicator-shellcode.rules) * 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (indicator-shellcode.rules) * 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (indicator-shellcode.rules) * 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (indicator-shellcode.rules) * 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (indicator-shellcode.rules) * 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (indicator-shellcode.rules) * 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (indicator-shellcode.rules) * 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (indicator-shellcode.rules) * 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (indicator-shellcode.rules) * 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (indicator-shellcode.rules) * 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (indicator-shellcode.rules) * 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (indicator-shellcode.rules) * 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (indicator-shellcode.rules) * 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (indicator-shellcode.rules) * 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (indicator-shellcode.rules) * 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (indicator-shellcode.rules) * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (indicator-shellcode.rules) * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (indicator-shellcode.rules) * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (indicator-shellcode.rules) * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (indicator-shellcode.rules) * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (indicator-shellcode.rules) * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (indicator-shellcode.rules) * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules) * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (indicator-shellcode.rules) * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (indicator-shellcode.rules) * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (indicator-shellcode.rules) * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (indicator-shellcode.rules) * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (indicator-shellcode.rules) * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (indicator-shellcode.rules) * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules) * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (server-other.rules) * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join heap overflow attempt (server-other.rules) * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (server-other.rules) * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (server-other.rules) * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (protocol-scada.rules) * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (malware-other.rules) * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (pua-toolbars.rules) * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (exploit-kit.rules) * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30781 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30787 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30788 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules) * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (exploit-kit.rules) * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (app-detect.rules) * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (app-detect.rules) * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (app-detect.rules) * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (app-detect.rules) * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (app-detect.rules) * 1:30858 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (app-detect.rules) * 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (app-detect.rules) * 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (app-detect.rules) * 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (app-detect.rules) * 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (app-detect.rules) * 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (app-detect.rules) * 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (app-detect.rules) * 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (app-detect.rules) * 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (app-detect.rules) * 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (app-detect.rules) * 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (app-detect.rules) * 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (app-detect.rules) * 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (app-detect.rules) * 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (app-detect.rules) * 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (app-detect.rules) * 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (app-detect.rules) * 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (app-detect.rules) * 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (app-detect.rules) * 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (exploit-kit.rules) * 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (file-other.rules) * 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (exploit-kit.rules) * 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (pua-adware.rules) * 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (pua-adware.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules) * 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (malware-other.rules) * 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules) * 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (pua-adware.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules) * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules) * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules) * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules) * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules) * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules) * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules) * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules) * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules) * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules) * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules) * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules) * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules) * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules) * 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (indicator-obfuscation.rules) * 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (indicator-obfuscation.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (malware-other.rules) * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (server-other.rules) * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules) * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules) * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (malware-other.rules) * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules) * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules) * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting attempt (server-other.rules) * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules) * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules) * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules) * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules) * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules) * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules) * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules) * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules) * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (protocol-dns.rules) * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules) * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (server-apache.rules) * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (malware-other.rules) * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules) * 1:24344 <-> ENABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (exploit-kit.rules) * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules) * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (indicator-compromise.rules) * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (indicator-compromise.rules) * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (indicator-compromise.rules) * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php (indicator-compromise.rules) * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (indicator-compromise.rules) * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (indicator-compromise.rules) * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (indicator-compromise.rules) * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules) * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules) * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (app-detect.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (os-windows.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules) * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules) * 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules) * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules) * 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (malware-backdoor.rules) * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules) * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules) * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (exploit-kit.rules) * 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:24787 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (exploit-kit.rules) * 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (exploit-kit.rules) * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (exploit-kit.rules) * 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (exploit-kit.rules) * 1:24791 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (exploit-kit.rules) * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (server-other.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules) * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules) * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (server-mysql.rules) * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (server-mysql.rules) * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (exploit-kit.rules) * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (exploit-kit.rules) * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (exploit-kit.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules) * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules) * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules) * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (exploit-kit.rules) * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules) * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (indicator-obfuscation.rules) * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (app-detect.rules) * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (app-detect.rules) * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (malware-other.rules) * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules) * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules) * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (server-other.rules) * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (server-other.rules) * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (malware-backdoor.rules) * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (file-other.rules) * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules) * 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (malware-other.rules) * 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (malware-backdoor.rules) * 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (server-other.rules) * 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules) * 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules) * 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules) * 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules) * 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules) * 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules) * 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules) * 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules) * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules) * 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (server-other.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25467 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (server-other.rules) * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules) * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules) * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules) * 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (os-mobile.rules) * 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (os-mobile.rules) * 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (os-mobile.rules) * 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (os-mobile.rules) * 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (os-mobile.rules) * 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (os-mobile.rules) * 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (os-mobile.rules) * 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (os-other.rules) * 1:25536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (server-other.rules) * 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (server-other.rules) * 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (server-other.rules) * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules) * 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (exploit-kit.rules) * 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (os-windows.rules) * 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (malware-other.rules) * 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (malware-other.rules) * 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules) * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (malware-other.rules) * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (file-flash.rules) * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (exploit-kit.rules) * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious PDF retrieval (exploit-kit.rules) * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (exploit-kit.rules) * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (exploit-kit.rules) * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (server-other.rules) * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (server-other.rules) * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (server-other.rules) * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (server-other.rules) * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (indicator-compromise.rules) * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (indicator-compromise.rules) * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (indicator-compromise.rules) * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (indicator-compromise.rules) * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (indicator-compromise.rules) * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (indicator-compromise.rules) * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (indicator-compromise.rules) * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (indicator-compromise.rules) * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (indicator-compromise.rules) * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (indicator-compromise.rules) * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (indicator-compromise.rules) * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (indicator-compromise.rules) * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (indicator-compromise.rules) * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules) * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules) * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (app-detect.rules) * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (exploit-kit.rules) * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (policy-other.rules) * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (policy-other.rules) * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (policy-other.rules) * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (app-detect.rules) * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules) * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules) * 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules) * 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules) * 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules) * 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (exploit-kit.rules) * 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (os-mobile.rules) * 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (exploit-kit.rules) * 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (exploit-kit.rules) * 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (exploit-kit.rules) * 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (exploit-kit.rules) * 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (exploit-kit.rules) * 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (exploit-kit.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules) * 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules) * 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules) * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules) * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules) * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules) * 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules) * 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (app-detect.rules) * 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (app-detect.rules) * 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules) * 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules) * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules) * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (netbios.rules) * 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (exploit-kit.rules) * 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (malware-backdoor.rules) * 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (malware-backdoor.rules) * 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (malware-backdoor.rules) * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules) * 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (file-other.rules) * 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (indicator-compromise.rules) * 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (exploit-kit.rules) * 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (malware-other.rules) * 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (server-other.rules) * 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (file-executable.rules) * 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (server-other.rules) * 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules) * 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules) * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (app-detect.rules) * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules) * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules) * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules) * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules) * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules) * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules) * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules) * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (indicator-obfuscation.rules) * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (malware-other.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules) * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules) * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (indicator-compromise.rules) * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules) * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (indicator-compromise.rules) * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (server-other.rules) * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (pua-adware.rules) * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (os-other.rules) * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (exploit-kit.rules) * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (indicator-compromise.rules) * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (server-other.rules) * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (exploit-kit.rules) * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (file-other.rules) * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (indicator-obfuscation.rules) * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (indicator-obfuscation.rules) * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (server-other.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules) * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules) * 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (malware-backdoor.rules) * 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (browser-webkit.rules) * 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (browser-firefox.rules) * 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (malware-other.rules) * 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules) * 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules) * 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules) * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26755 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules) * 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules) * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules) * 1:26772 <-> ENABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (server-other.rules) * 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (malware-backdoor.rules) * 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules) * 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules) * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules) * 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (malware-other.rules) * 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (malware-other.rules) * 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (exploit-kit.rules) * 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules) * 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules) * 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules) * 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (exploit-kit.rules) * 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (malware-backdoor.rules) * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules) * 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules) * 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (exploit-kit.rules) * 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (exploit-kit.rules) * 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (exploit-kit.rules) * 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (exploit-kit.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (server-other.rules) * 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules) * 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules) * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (exploit-kit.rules) * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (exploit-kit.rules) * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules) * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules) * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules) * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules) * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (exploit-kit.rules) * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules) * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules) * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules) * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules) * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (exploit-kit.rules) * 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:27005 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (exploit-kit.rules) * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules) * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules) * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (os-mobile.rules) * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (os-mobile.rules) * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (os-mobile.rules) * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (os-mobile.rules) * 1:27046 <-> DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (app-detect.rules) * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (indicator-compromise.rules) * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (malware-other.rules) * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (malware-other.rules) * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile device information leakage (os-mobile.rules) * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (exploit-kit.rules) * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (exploit-kit.rules) * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (exploit-kit.rules) * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (exploit-kit.rules) * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (exploit-kit.rules) * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (exploit-kit.rules) * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (exploit-kit.rules) * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (os-mobile.rules) * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (os-mobile.rules) * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (os-mobile.rules) * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (os-mobile.rules) * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (os-mobile.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules) * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (exploit-kit.rules) * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules) * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (os-mobile.rules) * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms message leakage (os-mobile.rules) * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (os-mobile.rules) * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (indicator-obfuscation.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules) * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules) * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (malware-other.rules) * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (malware-other.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules) * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules) * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (exploit-kit.rules) * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (malware-other.rules) * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (indicator-compromise.rules) * 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (server-other.rules) * 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (server-other.rules) * 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (exploit-kit.rules) * 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules) * 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (app-detect.rules) * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules) * 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (app-detect.rules) * 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (app-detect.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules) * 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (malware-other.rules) * 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules) * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules) * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules) * 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (malware-other.rules) * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules) * 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (policy-spam.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules) * 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules) * 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (os-windows.rules) * 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (app-detect.rules) * 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (app-detect.rules) * 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (app-detect.rules) * 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (exploit-kit.rules) * 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (indicator-compromise.rules) * 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (os-mobile.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules) * 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (exploit-kit.rules) * 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (exploit-kit.rules) * 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (exploit-kit.rules) * 1:27739 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (exploit-kit.rules) * 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27764 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (exploit-kit.rules) * 1:27786 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules) * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (exploit-kit.rules) * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (exploit-kit.rules) * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (pua-adware.rules) * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (pua-adware.rules) * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (pua-adware.rules) * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (pua-toolbars.rules) * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (pua-toolbars.rules) * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules) * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (app-detect.rules) * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (app-detect.rules) * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (app-detect.rules) * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (app-detect.rules) * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (app-detect.rules) * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (app-detect.rules) * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (app-detect.rules) * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (app-detect.rules) * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (app-detect.rules) * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (app-detect.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules) * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules) * 1:27936 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (exploit-kit.rules) * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (protocol-dns.rules) * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (app-detect.rules) * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (app-detect.rules) * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (app-detect.rules) * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (app-detect.rules) * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (app-detect.rules) * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (app-detect.rules) * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (app-detect.rules) * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (app-detect.rules) * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (app-detect.rules) * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (app-detect.rules) * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (app-detect.rules) * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (app-detect.rules) * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (app-detect.rules) * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (app-detect.rules) * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (indicator-scan.rules) * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (indicator-scan.rules) * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (malware-other.rules) * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (exploit-kit.rules) * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (exploit-kit.rules) * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (exploit-kit.rules) * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (os-mobile.rules) * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules) * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules) * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (app-detect.rules) * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (app-detect.rules) * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (app-detect.rules) * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (app-detect.rules) * 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules) * 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (server-other.rules) * 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (server-other.rules) * 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (exploit-kit.rules) * 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (pua-adware.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (server-other.rules) * 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (pua-adware.rules) * 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules) * 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (exploit-kit.rules) * 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (server-other.rules) * 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (exploit-kit.rules) * 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules) * 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (app-detect.rules) * 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules) * 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (exploit-kit.rules) * 1:28265 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (exploit-kit.rules) * 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (protocol-icmp.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules) * 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (exploit-kit.rules) * 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules) * 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules) * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules) * 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (malware-other.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules) * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (exploit-kit.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (exploit-kit.rules) * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (malware-other.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (pua-adware.rules) * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (malware-tools.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port (indicator-scan.rules) * 1:28555 <-> DISABLED <-> MALWARE-OTHER SQL Slammer worm propagation attempt inbound (malware-other.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (exploit-kit.rules) * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28601 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (exploit-kit.rules) * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (exploit-kit.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (exploit-kit.rules) * 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (exploit-kit.rules) * 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (exploit-kit.rules) * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (pua-adware.rules) * 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (malware-backdoor.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules) * 1:28926 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (pua-adware.rules) * 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (indicator-compromise.rules) * 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (exploit-kit.rules) * 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (exploit-kit.rules) * 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (exploit-kit.rules) * 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (exploit-kit.rules) * 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (exploit-kit.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules) * 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29025 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29051 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Descrantol variant data exfiltration attempt (malware-backdoor.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (malware-backdoor.rules) * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (malware-tools.rules) * 1:29124 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.InstallMonster variant outbound connection (malware-other.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (exploit-kit.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (exploit-kit.rules) * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (exploit-kit.rules) * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules) * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules) * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules) * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules) * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules) * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules) * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules) * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules) * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules) * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules) * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (protocol-scada.rules) * 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (protocol-scada.rules) * 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (protocol-scada.rules) * 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (protocol-scada.rules) * 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (protocol-scada.rules) * 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (protocol-scada.rules) * 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (app-detect.rules) * 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (app-detect.rules) * 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (pua-p2p.rules) * 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (exploit-kit.rules) * 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (malware-other.rules) * 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (app-detect.rules) * 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (server-other.rules) * 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules) * 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules) * 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules) * 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules) * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules) * 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (exploit-kit.rules) * 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (protocol-icmp.rules) * 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (protocol-icmp.rules) * 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (protocol-icmp.rules) * 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (protocol-icmp.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (pua-adware.rules) * 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (pua-adware.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (os-other.rules) * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (netbios.rules) * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (netbios.rules) * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (netbios.rules) * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (netbios.rules) * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38327 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (malware-backdoor.rules) * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (malware-backdoor.rules) * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (server-other.rules) * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules) * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules) * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules) * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules) * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (server-other.rules) * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules) * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules) * 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (app-detect.rules) * 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (indicator-obfuscation.rules) * 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules) * 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (exploit-kit.rules) * 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (server-other.rules) * 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (indicator-compromise.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules) * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules) * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (file-other.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (indicator-obfuscation.rules) * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (malware-tools.rules) * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules) * 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules) * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules) * 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (malware-other.rules) * 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (malware-other.rules) * 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules) * 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (protocol-ftp.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (pua-other.rules) * 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules) * 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (indicator-compromise.rules) * 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (server-mssql.rules) * 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (protocol-tftp.rules) * 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (protocol-tftp.rules) * 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (protocol-tftp.rules) * 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules) * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules) * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (malware-other.rules) * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (malware-tools.rules) * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (pua-adware.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (malware-other.rules) * 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (indicator-compromise.rules) * 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (malware-other.rules) * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (pua-adware.rules) * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules) * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules) * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules) * 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39799 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (malware-other.rules) * 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (malware-other.rules) * 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules) * 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (pua-adware.rules) * 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules) * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (malware-other.rules) * 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (malware-other.rules) * 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (malware-other.rules) * 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (malware-other.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules) * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules) * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules) * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules) * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (pua-adware.rules) * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules) * 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules) * 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40171 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (exploit-kit.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (pua-adware.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt (server-other.rules) * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (pua-adware.rules) * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (sql.rules) * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential disclosure attempt (server-apache.rules) * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (server-other.rules) * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (server-other.rules) * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (server-other.rules) * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (server-other.rules) * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (protocol-scada.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (server-other.rules) * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (protocol-ftp.rules) * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (browser-other.rules) * 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (pua-adware.rules) * 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (browser-other.rules) * 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (pua-adware.rules) * 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules) * 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules) * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (indicator-compromise.rules) * 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (indicator-compromise.rules) * 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (indicator-compromise.rules) * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (server-other.rules) * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (pua-adware.rules) * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (server-other.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (pua-adware.rules) * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (pua-adware.rules) * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (pua-other.rules) * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (pua-other.rules) * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (pua-other.rules) * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (malware-other.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (os-windows.rules) * 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules) * 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules) * 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules) * 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules) * 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules) * 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules) * 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules) * 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules) * 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules) * 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules) * 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules) * 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules) * 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules) * 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules) * 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules) * 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules) * 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules) * 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules) * 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules) * 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (exploit-kit.rules) * 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (exploit-kit.rules) * 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules) * 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (malware-backdoor.rules) * 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (server-mail.rules) * 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (exploit-kit.rules) * 1:30965 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (exploit-kit.rules) * 1:30967 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (exploit-kit.rules) * 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (exploit-kit.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:30975 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30976 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (server-other.rules) * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (pua-adware.rules) * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (protocol-scada.rules) * 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (pua-adware.rules) * 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (server-other.rules) * 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (pua-adware.rules) * 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (pua-adware.rules) * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules) * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules) * 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (pua-toolbars.rules) * 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (pua-toolbars.rules) * 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (pua-toolbars.rules) * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules) * 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (pua-adware.rules) * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules) * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules) * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules) * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules) * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules) * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules) * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (server-other.rules) * 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (indicator-compromise.rules) * 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (indicator-compromise.rules) * 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (os-windows.rules) * 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (exploit-kit.rules) * 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules) * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules) * 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules) * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules) * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules) * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (exploit-kit.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules) * 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (server-other.rules) * 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (exploit-kit.rules) * 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (exploit-kit.rules) * 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (malware-other.rules) * 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules) * 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (malware-backdoor.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (file-flash.rules) * 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (pua-adware.rules) * 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (pua-adware.rules) * 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (pua-adware.rules) * 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (pua-adware.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32147 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32148 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32167 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules) * 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (malware-backdoor.rules) * 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (malware-backdoor.rules) * 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (malware-backdoor.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules) * 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules) * 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (pua-adware.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (file-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32387 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (exploit-kit.rules) * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32416 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (os-windows.rules) * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (os-windows.rules) * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32468 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32502 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (server-mysql.rules) * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (exploit-kit.rules) * 1:32558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32570 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules) * 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (protocol-tftp.rules) * 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (exploit-kit.rules) * 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (exploit-kit.rules) * 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (exploit-kit.rules) * 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (server-other.rules) * 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules) * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules) * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (server-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (server-other.rules) * 1:32749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32766 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (sql.rules) * 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (malware-other.rules) * 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (malware-other.rules) * 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (app-detect.rules) * 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (app-detect.rules) * 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (app-detect.rules) * 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (app-detect.rules) * 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (app-detect.rules) * 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (app-detect.rules) * 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (app-detect.rules) * 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (app-detect.rules) * 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (app-detect.rules) * 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (app-detect.rules) * 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (malware-tools.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32879 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (exploit-kit.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules) * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules) * 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules) * 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (malware-tools.rules) * 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (malware-tools.rules) * 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (malware-tools.rules) * 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules) * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (malware-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (exploit-kit.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (file-flash.rules) * 1:33176 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules) * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules) * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules) * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (indicator-compromise.rules) * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (indicator-compromise.rules) * 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33286 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (pua-adware.rules) * 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (pua-adware.rules) * 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (os-windows.rules) * 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (app-detect.rules) * 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (protocol-voip.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:33454 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (server-other.rules) * 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (server-mail.rules) * 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (file-other.rules) * 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold connection exhaustion denial of service attempt (server-other.rules) * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules) * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (browser-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (file-other.rules) * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (server-other.rules) * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (os-windows.rules) * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (server-other.rules) * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (server-mail.rules) * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (server-other.rules) * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (server-other.rules) * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (server-other.rules) * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (server-mail.rules) * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33823 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (malware-backdoor.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (malware-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (server-other.rules) * 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules) * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules) * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules) * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules) * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules) * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules) * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules) * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules) * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules) * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules) * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (pua-adware.rules) * 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (pua-adware.rules) * 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (pua-adware.rules) * 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (pua-adware.rules) * 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules) * 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules) * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules) * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (sql.rules) * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (server-other.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules) * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (server-other.rules) * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules) * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules) * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules) * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules) * 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules) * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules) * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules) * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules) * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules) * 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules) * 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules) * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules) * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules) * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules) * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules) * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (server-other.rules) * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (pua-adware.rules) * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (server-other.rules) * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt (server-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35045 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (exploit-kit.rules) * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (exploit-kit.rules) * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules) * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules) * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (file-office.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules) * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (file-office.rules) * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules) * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules) * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules) * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules) * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules) * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (browser-chrome.rules) * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (exploit-kit.rules) * 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules) * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection (malware-backdoor.rules) * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection (malware-backdoor.rules) * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (server-other.rules) * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (server-other.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules) * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules) * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules) * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules) * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules) * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules) * 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules) * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (server-other.rules) * 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (server-other.rules) * 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (server-other.rules) * 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (server-other.rules) * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36315 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (file-flash.rules) * 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (file-flash.rules) * 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules) * 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules) * 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules) * 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (server-other.rules) * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (server-other.rules) * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (server-other.rules) * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36500 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (exploit-kit.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (exploit-kit.rules) * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (os-windows.rules) * 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (os-windows.rules) * 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules) * 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (server-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (server-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules) * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (app-detect.rules) * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (os-windows.rules) * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules) * 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (app-detect.rules) * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules) * 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (app-detect.rules) * 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (app-detect.rules) * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (file-office.rules) * 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (file-office.rules) * 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (browser-chrome.rules) * 1:37328 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37330 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37333 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37334 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37335 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37336 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37337 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37338 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37339 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37340 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37341 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37342 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (app-detect.rules) * 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (exploit-kit.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules) * 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (server-mail.rules) * 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (server-other.rules) * 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (server-other.rules) * 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (malware-backdoor.rules) * 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (file-identify.rules) * 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (browser-firefox.rules) * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (indicator-shellcode.rules) * 1:37619 <-> DISABLED <-> SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (server-other.rules) * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (pua-adware.rules) * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (pua-adware.rules) * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (pua-adware.rules) * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (sql.rules) * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (sql.rules) * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (file-other.rules) * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (malware-tools.rules) * 1:37654 <-> DISABLED <-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (os-linux.rules) * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules) * 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (server-other.rules) * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (exploit-kit.rules) * 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (browser-other.rules) * 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (server-mail.rules) * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules) * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (server-other.rules) * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response (server-apache.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules) * 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules) * 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules) * 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules) * 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules) * 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules) * 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules) * 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules) * 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules) * 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules) * 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules) * 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules) * 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules) * 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules) * 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules) * 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (server-other.rules) * 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (protocol-scada.rules) * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules) * 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (os-windows.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules) * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (server-other.rules) * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules) * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules) * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules) * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (file-office.rules) * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (file-office.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules) * 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (protocol-scada.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (server-other.rules) * 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules) * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (server-other.rules) * 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (protocol-scada.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (protocol-scada.rules) * 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (protocol-scada.rules) * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules) * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules) * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (file-other.rules) * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (file-other.rules) * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules) * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (protocol-scada.rules) * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (protocol-scada.rules) * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (protocol-scada.rules) * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules) * 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (server-other.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (server-other.rules) * 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (file-office.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (file-other.rules) * 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (file-other.rules) * 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (protocol-scada.rules) * 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (indicator-scan.rules) * 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (server-other.rules) * 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password retrieval attempt (protocol-scada.rules) * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (os-windows.rules) * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (file-identify.rules) * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules) * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules) * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules) * 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (indicator-compromise.rules) * 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (sql.rules) * 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (indicator-compromise.rules) * 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (indicator-compromise.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (indicator-compromise.rules) * 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (server-other.rules) * 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (protocol-scada.rules) * 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (protocol-scada.rules) * 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (server-other.rules) * 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (protocol-scada.rules) * 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (server-other.rules) * 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (protocol-scada.rules) * 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (server-mail.rules) * 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (protocol-scada.rules) * 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:43221 <-> ENABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (protocol-scada.rules) * 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (protocol-scada.rules) * 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (protocol-ftp.rules) * 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (server-apache.rules) * 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (protocol-scada.rules) * 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (protocol-scada.rules) * 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules) * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules) * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules) * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules) * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules) * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules) * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (server-other.rules) * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (server-other.rules) * 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules) * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (app-detect.rules) * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (server-other.rules) * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (server-other.rules) * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (indicator-compromise.rules) * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (server-other.rules) * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (file-other.rules) * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (server-other.rules) * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules) * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules) * 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (browser-firefox.rules) * 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (browser-firefox.rules) * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules) * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules) * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules) * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules) * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules) * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules) * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules) * 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (server-other.rules) * 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (server-other.rules) * 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (server-other.rules) * 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (server-other.rules) * 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (protocol-nntp.rules) * 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (browser-firefox.rules) * 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (malware-backdoor.rules) * 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules) * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules) * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (protocol-other.rules) * 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (file-other.rules) * 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules) * 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (file-other.rules) * 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (protocol-scada.rules) * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules) * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules) * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules) * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules) * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (malware-tools.rules) * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (server-other.rules) * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44109 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44124 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (server-other.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (server-other.rules) * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (indicator-obfuscation.rules) * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules) * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (file-image.rules) * 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (server-other.rules) * 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (file-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (file-other.rules) * 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules) * 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (file-image.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (protocol-scada.rules) * 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules) * 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules) * 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (server-other.rules) * 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules) * 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (server-other.rules) * 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (server-apache.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (server-other.rules) * 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (malware-other.rules) * 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (malware-other.rules) * 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (pua-adware.rules) * 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (protocol-dns.rules) * 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (server-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (server-other.rules) * 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (server-other.rules) * 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (server-other.rules) * 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (server-other.rules) * 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (indicator-obfuscation.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (netbios.rules) * 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (server-other.rules) * 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (server-other.rules) * 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules) * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules) * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (server-other.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules) * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (indicator-compromise.rules) * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44839 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (server-other.rules) * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (pua-toolbars.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (server-other.rules) * 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (server-samba.rules) * 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (server-samba.rules) * 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (server-samba.rules) * 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (server-samba.rules) * 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (protocol-scada.rules) * 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (protocol-rpc.rules) * 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (protocol-scada.rules) * 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules) * 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules) * 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules) * 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules) * 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules) * 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (server-other.rules) * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (server-other.rules) * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules) * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules) * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules) * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules) * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules) * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules) * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules) * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules) * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules) * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules) * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules) * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules) * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules) * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules) * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules) * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules) * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45545 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Mughthesec outbound connection attempt (pua-adware.rules) * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules) * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (protocol-tftp.rules) * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (protocol-scada.rules) * 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (exploit-kit.rules) * 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules) * 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules) * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules) * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules) * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules) * 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules) * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules) * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (pua-other.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules) * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (indicator-compromise.rules) * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (server-other.rules) * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (server-other.rules) * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (server-other.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (netbios.rules) * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (os-windows.rules) * 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (pua-other.rules) * 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules) * 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (server-mail.rules) * 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (server-other.rules) * 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (indicator-compromise.rules) * 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (indicator-compromise.rules) * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (indicator-compromise.rules) * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules) * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (indicator-compromise.rules) * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (indicator-compromise.rules) * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules) * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (file-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules) * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules) * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules) * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules) * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (server-other.rules) * 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (server-other.rules) * 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules) * 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (server-other.rules) * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules) * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (server-other.rules) * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (indicator-compromise.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules) * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules) * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules) * 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules) * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request (protocol-scada.rules) * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request (protocol-scada.rules) * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request (protocol-scada.rules) * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request (protocol-scada.rules) * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request (protocol-scada.rules) * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request (protocol-scada.rules) * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request (protocol-scada.rules) * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII request (protocol-scada.rules) * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request (protocol-scada.rules) * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request (protocol-scada.rules) * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request (protocol-scada.rules) * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request (protocol-scada.rules) * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request (protocol-scada.rules) * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request (protocol-scada.rules) * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request (protocol-scada.rules) * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request (protocol-scada.rules) * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request (protocol-scada.rules) * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request (protocol-scada.rules) * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request (protocol-scada.rules) * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request (protocol-scada.rules) * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request (protocol-scada.rules) * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request (protocol-scada.rules) * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request (protocol-scada.rules) * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request (protocol-scada.rules) * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (protocol-scada.rules) * 1:49009 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (protocol-scada.rules) * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (protocol-scada.rules) * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (protocol-scada.rules) * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (protocol-scada.rules) * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (protocol-scada.rules) * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (protocol-scada.rules) * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (protocol-scada.rules) * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (protocol-scada.rules) * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (protocol-scada.rules) * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (protocol-scada.rules) * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (protocol-scada.rules) * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (protocol-scada.rules) * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (protocol-scada.rules) * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (protocol-scada.rules) * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (protocol-scada.rules) * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (protocol-scada.rules) * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (protocol-scada.rules) * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply (protocol-scada.rules) * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (protocol-scada.rules) * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (protocol-scada.rules) * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (protocol-scada.rules) * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (protocol-scada.rules) * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (protocol-scada.rules) * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (protocol-scada.rules) * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (protocol-scada.rules) * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules) * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules) * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules) * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules) * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules) * 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)
* 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules) * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules) * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules) * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules) * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules) * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules) * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules) * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules) * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules) * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules) * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules) * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules) * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules) * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules) * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules) * 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (server-apache.rules) * 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (server-apache.rules) * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules) * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules) * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (os-windows.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules) * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules) * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules) * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules) * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules) * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules) * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules) * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules) * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules) * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules) * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules) * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules) * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules) * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules) * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules) * 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules) * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules) * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules) * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules) * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules) * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules) * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules) * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules) * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules) * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules) * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules) * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules) * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules) * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules) * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules) * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules) * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules) * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules) * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules) * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules) * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules) * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules) * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules) * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules) * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules) * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules) * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules) * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules) * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules) * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules) * 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules) * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules) * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules) * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules) * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules) * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules) * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules) * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules) * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules) * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules) * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules) * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules) * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules) * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules) * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules) * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules) * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules) * 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (malware-other.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (malware-other.rules) * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules) * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules) * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules) * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules) * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules) * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules) * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules) * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules) * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules) * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules) * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules) * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules) * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules) * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules) * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules) * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules) * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules) * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules) * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules) * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules) * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules) * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules) * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules) * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules) * 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules) * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules) * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules) * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules) * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules) * 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules) * 1:12626 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules) * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules) * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules) * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules) * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules) * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules) * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules) * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules) * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules) * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules) * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules) * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules) * 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules) * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules) * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules) * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules) * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules) * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules) * 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules) * 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules) * 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules) * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules) * 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules) * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules) * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules) * 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules) * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules) * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules) * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules) * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules) * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules) * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules) * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules) * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules) * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules) * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules) * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules) * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules) * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules) * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules) * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules) * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules) * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules) * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules) * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (pua-adware.rules) * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules) * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules) * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules) * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules) * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules) * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules) * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules) * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules) * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules) * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules) * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules) * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules) * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules) * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules) * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules) * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules) * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules) * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules) * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (pua-adware.rules) * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules) * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules) * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules) * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules) * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules) * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules) * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules) * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules) * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules) * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules) * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules) * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules) * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules) * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules) * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules) * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules) * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules) * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules) * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (pua-adware.rules) * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (pua-adware.rules) * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (pua-adware.rules) * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (pua-adware.rules) * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules) * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules) * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (malware-other.rules) * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (malware-other.rules) * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (os-windows.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules) * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules) * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules) * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules) * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (pua-adware.rules) * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules) * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (malware-other.rules) * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules) * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules) * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (pua-adware.rules) * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (pua-adware.rules) * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (pua-adware.rules) * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (pua-adware.rules) * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (pua-adware.rules) * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (malware-other.rules) * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (pua-adware.rules) * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (pua-adware.rules) * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules) * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules) * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (policy-other.rules) * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (policy-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules) * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules) * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules) * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules) * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules) * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules) * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules) * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules) * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules) * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules) * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules) * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules) * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules) * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules) * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules) * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules) * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules) * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules) * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules) * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules) * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules) * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules) * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules) * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules) * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules) * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules) * 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules) * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules) * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules) * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules) * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules) * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules) * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules) * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules) * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules) * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules) * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules) * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules) * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules) * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules) * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules) * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules) * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules) * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules) * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules) * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules) * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules) * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules) * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules) * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules) * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules) * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules) * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules) * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules) * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules) * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules) * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules) * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules) * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules) * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules) * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules) * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules) * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules) * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules) * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules) * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules) * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules) * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules) * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules) * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules) * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules) * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules) * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules) * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules) * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules) * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules) * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules) * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (protocol-scada.rules) * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules) * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules) * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules) * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules) * 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules) * 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules) * 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules) * 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules) * 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules) * 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules) * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules) * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules) * 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules) * 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules) * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules) * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules) * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules) * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15363 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules) * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (os-windows.rules) * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules) * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules) * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules) * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules) * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules) * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules) * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules) * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules) * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules) * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules) * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules) * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules) * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules) * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules) * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules) * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules) * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules) * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules) * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules) * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules) * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules) * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules) * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules) * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (file-pdf.rules) * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules) * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules) * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (server-other.rules) * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules) * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules) * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules) * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules) * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules) * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules) * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules) * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules) * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules) * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules) * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules) * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules) * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules) * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules) * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules) * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules) * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules) * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules) * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules) * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules) * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules) * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules) * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules) * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules) * 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules) * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules) * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules) * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules) * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules) * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules) * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules) * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules) * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules) * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules) * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules) * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules) * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules) * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules) * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules) * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules) * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules) * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules) * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules) * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules) * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules) * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules) * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules) * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules) * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules) * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules) * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules) * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules) * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules) * 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules) * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules) * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules) * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules) * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules) * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules) * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules) * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules) * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules) * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules) * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules) * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules) * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules) * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules) * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules) * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules) * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules) * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules) * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules) * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules) * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules) * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules) * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules) * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules) * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules) * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules) * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules) * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules) * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules) * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules) * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules) * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules) * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules) * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules) * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules) * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules) * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules) * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules) * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules) * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules) * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules) * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules) * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules) * 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (server-iis.rules) * 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules) * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules) * 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules) * 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules) * 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules) * 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules) * 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules) * 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules) * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules) * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules) * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules) * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules) * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (server-mysql.rules) * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules) * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules) * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules) * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules) * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules) * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (server-mysql.rules) * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules) * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules) * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules) * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules) * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules) * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules) * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules) * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules) * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules) * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules) * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules) * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules) * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules) * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules) * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules) * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules) * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules) * 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules) * 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules) * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules) * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules) * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules) * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules) * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules) * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules) * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules) * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules) * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules) * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules) * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules) * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules) * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules) * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules) * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules) * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules) * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules) * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules) * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules) * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (policy-spam.rules) * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules) * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules) * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules) * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules) * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules) * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules) * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules) * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules) * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules) * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules) * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules) * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules) * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules) * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules) * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules) * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules) * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules) * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (policy-spam.rules) * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules) * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules) * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules) * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules) * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules) * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules) * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules) * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules) * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules) * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules) * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules) * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules) * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules) * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules) * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules) * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules) * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules) * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules) * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules) * 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (policy-spam.rules) * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules) * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules) * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules) * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules) * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules) * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules) * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules) * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules) * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules) * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules) * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules) * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules) * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules) * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules) * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules) * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules) * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules) * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules) * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules) * 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules) * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules) * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules) * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules) * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules) * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules) * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules) * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules) * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules) * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules) * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules) * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules) * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules) * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules) * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules) * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules) * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules) * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules) * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known spam email attempt (policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (app-detect.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (os-windows.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules) * 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules) * 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules) * 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules) * 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules) * 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules) * 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules) * 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules) * 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules) * 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules) * 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules) * 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules) * 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules) * 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules) * 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules) * 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules) * 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules) * 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules) * 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules) * 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules) * 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules) * 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules) * 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules) * 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules) * 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules) * 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules) * 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules) * 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules) * 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules) * 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules) * 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules) * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules) * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules) * 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules) * 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules) * 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules) * 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules) * 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules) * 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules) * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules) * 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules) * 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules) * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules) * 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules) * 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules) * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules) * 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules) * 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules) * 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules) * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules) * 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules) * 1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules) * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules) * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules) * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules) * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules) * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules) * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules) * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules) * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules) * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules) * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules) * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules) * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules) * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules) * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules) * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules) * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules) * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules) * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules) * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules) * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules) * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules) * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules) * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules) * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules) * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules) * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules) * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules) * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules) * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules) * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules) * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules) * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules) * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules) * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules) * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules) * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules) * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules) * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules) * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules) * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules) * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules) * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules) * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules) * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules) * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules) * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules) * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules) * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (file-identify.rules) * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules) * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules) * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules) * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules) * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules) * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules) * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules) * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules) * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules) * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules) * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules) * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules) * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules) * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules) * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules) * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules) * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules) * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules) * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ActionIf integer overflow attempt (file-flash.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19015 <-> DISABLED <-> POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules) * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules) * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules) * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules) * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules) * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules) * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules) * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules) * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules) * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules) * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules) * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules) * 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules) * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules) * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules) * 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules) * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules) * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules) * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules) * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules) * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules) * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules) * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules) * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules) * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules) * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (server-other.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption attempt (file-other.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules) * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules) * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (netbios.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules) * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules) * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules) * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules) * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules) * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules) * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules) * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules) * 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (file-flash.rules) * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (server-mysql.rules) * 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (server-other.rules) * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules) * 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules) * 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (file-image.rules) * 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules) * 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (server-other.rules) * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules) * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules) * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules) * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules) * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules) * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules) * 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (pua-adware.rules) * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules) * 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (pua-adware.rules) * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules) * 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (os-windows.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules) * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules) * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules) * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (file-pdf.rules) * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules) * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules) * 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules) * 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules) * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (file-pdf.rules) * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules) * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules) * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules) * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (file-pdf.rules) * 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (server-oracle.rules) * 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (file-pdf.rules) * 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules) * 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (file-flash.rules) * 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (file-flash.rules) * 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt (file-flash.rules) * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules) * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules) * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules) * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules) * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules) * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules) * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules) * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules) * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules) * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules) * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules) * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (indicator-shellcode.rules) * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules) * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules) * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (file-flash.rules) * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (file-flash.rules) * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules) * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules) * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules) * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules) * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules) * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (server-other.rules) * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (os-windows.rules) * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (os-windows.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (file-executable.rules) * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (os-windows.rules) * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (os-windows.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules) * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules) * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (browser-other.rules) * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules) * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (os-windows.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (file-flash.rules) * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (file-flash.rules) * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (file-flash.rules) * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (file-flash.rules) * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (file-flash.rules) * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (file-flash.rules) * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules) * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (file-flash.rules) * 1:20557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (file-flash.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (file-flash.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (file-flash.rules) * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (file-flash.rules) * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules) * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules) * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules) * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (server-oracle.rules) * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules) * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules) * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (os-windows.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules) * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (file-flash.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules) * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules) * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules) * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (pua-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules) * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules) * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules) * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules) * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (server-iis.rules) * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules) * 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (file-office.rules) * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (browser-firefox.rules) * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules) * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules) * 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (browser-webkit.rules) * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules) * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules) * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules) * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (browser-other.rules) * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules) * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (server-apache.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules) * 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (file-office.rules) * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (file-pdf.rules) * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (file-pdf.rules) * 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules) * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules) * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (browser-webkit.rules) * 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (file-pdf.rules) * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules) * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (server-apache.rules) * 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (file-multimedia.rules) * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (os-windows.rules) * 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (os-windows.rules) * 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (malware-tools.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules) * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules) * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (indicator-compromise.rules) * 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell security information display (indicator-compromise.rules) * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (indicator-compromise.rules) * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (indicator-compromise.rules) * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (indicator-compromise.rules) * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (indicator-compromise.rules) * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (indicator-compromise.rules) * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (indicator-compromise.rules) * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (indicator-compromise.rules) * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (indicator-compromise.rules) * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security information page (indicator-compromise.rules) * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (indicator-compromise.rules) * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (indicator-compromise.rules) * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (indicator-compromise.rules) * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (indicator-compromise.rules) * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (indicator-compromise.rules) * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (indicator-compromise.rules) * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules) * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules) * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https spoofing attempt (browser-chrome.rules) * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules) * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (file-executable.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules) * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (browser-webkit.rules) * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules) * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules) * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (malware-other.rules) * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (malware-other.rules) * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules) * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (os-windows.rules) * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules) * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules) * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules) * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for version.dll over SMB attempt (file-other.rules) * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (file-flash.rules) * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (file-flash.rules) * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-other.rules) * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (file-flash.rules) * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (file-flash.rules) * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (server-apache.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (server-apache.rules) * 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules) * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules) * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules) * 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (browser-firefox.rules) * 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules) * 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules) * 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (browser-other.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules) * 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules) * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules) * 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (browser-chrome.rules) * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules) * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules) * 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (app-detect.rules) * 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (file-other.rules) * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules) * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules) * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules) * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules) * 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (exploit-kit.rules) * 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (exploit-kit.rules) * 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (malware-backdoor.rules) * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules) * 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (server-apache.rules) * 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules) * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules) * 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (malware-backdoor.rules) * 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules) * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules) * 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules) * 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules) * 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules) * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules) * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules) * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules) * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules) * 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules) * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (policy-spam.rules) * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules) * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules) * 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (pua-adware.rules) * 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (pua-adware.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules) * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules) * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules) * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (exploit-kit.rules) * 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules) * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules) * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules) * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules) * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21789 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules) * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (malware-other.rules) * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (server-apache.rules) * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (pua-adware.rules) * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules) * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (indicator-compromise.rules) * 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (malware-other.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules) * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules) * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules) * 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules) * 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (malware-backdoor.rules) * 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules) * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules) * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules) * 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (malware-other.rules) * 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (indicator-obfuscation.rules) * 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (indicator-obfuscation.rules) * 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (os-windows.rules) * 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (os-windows.rules) * 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (malware-backdoor.rules) * 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (indicator-compromise.rules) * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules) * 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules) * 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (indicator-compromise.rules) * 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (indicator-compromise.rules) * 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (file-pdf.rules) * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (browser-firefox.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules) * 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (indicator-obfuscation.rules) * 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (indicator-obfuscation.rules) * 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval (indicator-obfuscation.rules) * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (indicator-obfuscation.rules) * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (indicator-obfuscation.rules) * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (server-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules) * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules) * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules) * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules) * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules) * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules) * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (exploit-kit.rules) * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules) * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules) * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules) * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:23161 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules) * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (indicator-compromise.rules) * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules) * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules) * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (indicator-obfuscation.rules) * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules) * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (pua-adware.rules) * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (pua-adware.rules) * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (file-office.rules) * 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (file-office.rules) * 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (malware-backdoor.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules) * 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules) * 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (pua-adware.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules) * 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (os-windows.rules) * 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (server-mail.rules) * 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (indicator-compromise.rules) * 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (indicator-compromise.rules) * 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (indicator-compromise.rules) * 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (browser-firefox.rules) * 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (browser-chrome.rules) * 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (indicator-obfuscation.rules) * 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (indicator-obfuscation.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (file-other.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules) * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules) * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules) * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules) * 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (malware-other.rules) * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules) * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules) * 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (browser-firefox.rules) * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules) * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (malware-other.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (indicator-compromise.rules) * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (indicator-compromise.rules) * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (malware-other.rules) * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (os-windows.rules) * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules) * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23884 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23919 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (sql.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules) * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules) * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules) * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules) * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules) * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules) * 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (malware-other.rules) * 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules) * 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (pua-adware.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules) * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules) * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules) * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules) * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules) * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules) * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules) * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules) * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules) * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules) * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules) * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules) * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules) * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules) * 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (indicator-obfuscation.rules) * 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (indicator-obfuscation.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (malware-other.rules) * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (server-other.rules) * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules) * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules) * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (malware-other.rules) * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules) * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules) * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting attempt (server-other.rules) * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules) * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules) * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules) * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules) * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules) * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules) * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules) * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules) * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (protocol-dns.rules) * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules) * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (server-apache.rules) * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (malware-other.rules) * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules) * 1:24344 <-> ENABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (exploit-kit.rules) * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules) * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (indicator-compromise.rules) * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (indicator-compromise.rules) * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (indicator-compromise.rules) * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php (indicator-compromise.rules) * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (indicator-compromise.rules) * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (indicator-compromise.rules) * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (indicator-compromise.rules) * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules) * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules) * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (app-detect.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (os-windows.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules) * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules) * 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules) * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules) * 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (malware-backdoor.rules) * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules) * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules) * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (exploit-kit.rules) * 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:24787 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (exploit-kit.rules) * 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (exploit-kit.rules) * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (exploit-kit.rules) * 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (exploit-kit.rules) * 1:24791 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (exploit-kit.rules) * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (server-other.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules) * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules) * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (server-mysql.rules) * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (server-mysql.rules) * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (exploit-kit.rules) * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (exploit-kit.rules) * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (exploit-kit.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules) * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules) * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules) * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (exploit-kit.rules) * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules) * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (indicator-obfuscation.rules) * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (app-detect.rules) * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (app-detect.rules) * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (malware-other.rules) * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules) * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules) * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (server-other.rules) * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (server-other.rules) * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (malware-backdoor.rules) * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (file-other.rules) * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules) * 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (malware-other.rules) * 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (malware-backdoor.rules) * 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (server-other.rules) * 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules) * 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules) * 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules) * 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules) * 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules) * 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules) * 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules) * 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules) * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules) * 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (server-other.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25467 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (server-other.rules) * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules) * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules) * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules) * 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (os-mobile.rules) * 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (os-mobile.rules) * 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (os-mobile.rules) * 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (os-mobile.rules) * 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (os-mobile.rules) * 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (os-mobile.rules) * 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (os-mobile.rules) * 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (os-other.rules) * 1:25536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (server-other.rules) * 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (server-other.rules) * 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (server-other.rules) * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules) * 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (exploit-kit.rules) * 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (os-windows.rules) * 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (malware-other.rules) * 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (malware-other.rules) * 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules) * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (malware-other.rules) * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (file-flash.rules) * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (exploit-kit.rules) * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious PDF retrieval (exploit-kit.rules) * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (exploit-kit.rules) * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (exploit-kit.rules) * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (server-other.rules) * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (server-other.rules) * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (server-other.rules) * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (server-other.rules) * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (indicator-compromise.rules) * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (indicator-compromise.rules) * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (indicator-compromise.rules) * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (indicator-compromise.rules) * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (indicator-compromise.rules) * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (indicator-compromise.rules) * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (indicator-compromise.rules) * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (indicator-compromise.rules) * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (indicator-compromise.rules) * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (indicator-compromise.rules) * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (indicator-compromise.rules) * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (indicator-compromise.rules) * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (indicator-compromise.rules) * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules) * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules) * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (app-detect.rules) * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (exploit-kit.rules) * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (policy-other.rules) * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (policy-other.rules) * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (policy-other.rules) * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (app-detect.rules) * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules) * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules) * 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules) * 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules) * 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules) * 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (exploit-kit.rules) * 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (os-mobile.rules) * 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (exploit-kit.rules) * 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (exploit-kit.rules) * 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (exploit-kit.rules) * 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (exploit-kit.rules) * 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (exploit-kit.rules) * 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (exploit-kit.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules) * 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules) * 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules) * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules) * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules) * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules) * 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules) * 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (app-detect.rules) * 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (app-detect.rules) * 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules) * 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules) * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules) * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (netbios.rules) * 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (exploit-kit.rules) * 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (malware-backdoor.rules) * 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (malware-backdoor.rules) * 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (malware-backdoor.rules) * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules) * 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (file-other.rules) * 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (indicator-compromise.rules) * 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (exploit-kit.rules) * 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (malware-other.rules) * 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (server-other.rules) * 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (file-executable.rules) * 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (server-other.rules) * 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules) * 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules) * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (app-detect.rules) * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules) * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules) * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules) * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules) * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules) * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules) * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules) * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (indicator-obfuscation.rules) * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (malware-other.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules) * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules) * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (indicator-compromise.rules) * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules) * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (indicator-compromise.rules) * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (server-other.rules) * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (pua-adware.rules) * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (os-other.rules) * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (exploit-kit.rules) * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (indicator-compromise.rules) * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (server-other.rules) * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (exploit-kit.rules) * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (file-other.rules) * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (indicator-obfuscation.rules) * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (indicator-obfuscation.rules) * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (server-other.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules) * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules) * 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (malware-backdoor.rules) * 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (browser-webkit.rules) * 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (browser-firefox.rules) * 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (malware-other.rules) * 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules) * 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules) * 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules) * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26755 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules) * 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules) * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules) * 1:26772 <-> ENABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (server-other.rules) * 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (malware-backdoor.rules) * 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules) * 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules) * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules) * 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (malware-other.rules) * 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (malware-other.rules) * 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (exploit-kit.rules) * 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules) * 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules) * 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules) * 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (exploit-kit.rules) * 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (malware-backdoor.rules) * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules) * 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules) * 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (exploit-kit.rules) * 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (exploit-kit.rules) * 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (exploit-kit.rules) * 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (exploit-kit.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (server-other.rules) * 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules) * 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules) * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (exploit-kit.rules) * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (exploit-kit.rules) * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules) * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules) * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules) * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules) * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (exploit-kit.rules) * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules) * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules) * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules) * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules) * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (exploit-kit.rules) * 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:27005 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (exploit-kit.rules) * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules) * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules) * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (os-mobile.rules) * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (os-mobile.rules) * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (os-mobile.rules) * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (os-mobile.rules) * 1:27046 <-> DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (app-detect.rules) * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (indicator-compromise.rules) * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (malware-other.rules) * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (malware-other.rules) * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile device information leakage (os-mobile.rules) * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (exploit-kit.rules) * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (exploit-kit.rules) * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (exploit-kit.rules) * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (exploit-kit.rules) * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (exploit-kit.rules) * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (exploit-kit.rules) * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (exploit-kit.rules) * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (os-mobile.rules) * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (os-mobile.rules) * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (os-mobile.rules) * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (os-mobile.rules) * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (os-mobile.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules) * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (exploit-kit.rules) * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules) * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (os-mobile.rules) * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms message leakage (os-mobile.rules) * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (os-mobile.rules) * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (indicator-obfuscation.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules) * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules) * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (malware-other.rules) * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (malware-other.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules) * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules) * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (exploit-kit.rules) * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (malware-other.rules) * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (indicator-compromise.rules) * 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (server-other.rules) * 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (server-other.rules) * 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (exploit-kit.rules) * 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules) * 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (app-detect.rules) * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules) * 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (app-detect.rules) * 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (app-detect.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules) * 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (malware-other.rules) * 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules) * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules) * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules) * 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (malware-other.rules) * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules) * 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (policy-spam.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules) * 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules) * 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (os-windows.rules) * 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (app-detect.rules) * 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (app-detect.rules) * 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (app-detect.rules) * 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (exploit-kit.rules) * 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (indicator-compromise.rules) * 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (os-mobile.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules) * 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (exploit-kit.rules) * 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (exploit-kit.rules) * 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (exploit-kit.rules) * 1:27739 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (exploit-kit.rules) * 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27764 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (exploit-kit.rules) * 1:27786 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules) * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (exploit-kit.rules) * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (exploit-kit.rules) * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (pua-adware.rules) * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (pua-adware.rules) * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (pua-adware.rules) * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (pua-toolbars.rules) * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (pua-toolbars.rules) * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules) * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (app-detect.rules) * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (app-detect.rules) * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (app-detect.rules) * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (app-detect.rules) * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (app-detect.rules) * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (app-detect.rules) * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (app-detect.rules) * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (app-detect.rules) * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (app-detect.rules) * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (app-detect.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules) * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules) * 1:27936 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (exploit-kit.rules) * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (protocol-dns.rules) * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (app-detect.rules) * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (app-detect.rules) * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (app-detect.rules) * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (app-detect.rules) * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (app-detect.rules) * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (app-detect.rules) * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (app-detect.rules) * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (app-detect.rules) * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (app-detect.rules) * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (app-detect.rules) * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (app-detect.rules) * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (app-detect.rules) * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (app-detect.rules) * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (app-detect.rules) * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (indicator-scan.rules) * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (indicator-scan.rules) * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (malware-other.rules) * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (exploit-kit.rules) * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (exploit-kit.rules) * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (exploit-kit.rules) * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (os-mobile.rules) * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules) * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules) * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (app-detect.rules) * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (app-detect.rules) * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (app-detect.rules) * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (app-detect.rules) * 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules) * 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (server-other.rules) * 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (server-other.rules) * 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (exploit-kit.rules) * 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (pua-adware.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (server-other.rules) * 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (pua-adware.rules) * 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules) * 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (exploit-kit.rules) * 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (server-other.rules) * 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (exploit-kit.rules) * 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules) * 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (app-detect.rules) * 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules) * 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (exploit-kit.rules) * 1:28265 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (exploit-kit.rules) * 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (protocol-icmp.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules) * 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (exploit-kit.rules) * 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules) * 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules) * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules) * 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (malware-other.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules) * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (exploit-kit.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (exploit-kit.rules) * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (malware-other.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (pua-adware.rules) * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (malware-tools.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port (indicator-scan.rules) * 1:28555 <-> DISABLED <-> MALWARE-OTHER SQL Slammer worm propagation attempt inbound (malware-other.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (exploit-kit.rules) * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28601 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (exploit-kit.rules) * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (exploit-kit.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (exploit-kit.rules) * 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (exploit-kit.rules) * 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (exploit-kit.rules) * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (pua-adware.rules) * 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (malware-backdoor.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules) * 1:28926 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (pua-adware.rules) * 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (indicator-compromise.rules) * 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (exploit-kit.rules) * 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (exploit-kit.rules) * 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (exploit-kit.rules) * 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (exploit-kit.rules) * 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (exploit-kit.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules) * 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29025 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29051 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Descrantol variant data exfiltration attempt (malware-backdoor.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (malware-backdoor.rules) * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (malware-tools.rules) * 1:29124 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.InstallMonster variant outbound connection (malware-other.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (exploit-kit.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (exploit-kit.rules) * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (exploit-kit.rules) * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules) * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules) * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules) * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules) * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules) * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules) * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules) * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules) * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules) * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules) * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (protocol-scada.rules) * 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (protocol-scada.rules) * 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (protocol-scada.rules) * 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (protocol-scada.rules) * 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (protocol-scada.rules) * 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (protocol-scada.rules) * 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (app-detect.rules) * 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (app-detect.rules) * 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (pua-p2p.rules) * 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (exploit-kit.rules) * 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (malware-other.rules) * 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (app-detect.rules) * 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (server-other.rules) * 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules) * 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules) * 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules) * 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules) * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules) * 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (exploit-kit.rules) * 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (protocol-icmp.rules) * 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (protocol-icmp.rules) * 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (protocol-icmp.rules) * 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (protocol-icmp.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (pua-adware.rules) * 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (pua-adware.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (os-other.rules) * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (server-iis.rules) * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (indicator-obfuscation.rules) * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules) * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (server-other.rules) * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (server-other.rules) * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (server-other.rules) * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (indicator-obfuscation.rules) * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules) * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (exploit-kit.rules) * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules) * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (malware-backdoor.rules) * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (server-apache.rules) * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (malware-other.rules) * 1:29926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:29938 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (server-other.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules) * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (server-other.rules) * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (server-other.rules) * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (protocol-scada.rules) * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules) * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (protocol-scada.rules) * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (protocol-scada.rules) * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (pua-adware.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules) * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (exploit-kit.rules) * 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (malware-other.rules) * 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (malware-other.rules) * 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (app-detect.rules) * 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (server-mail.rules) * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (indicator-shellcode.rules) * 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (indicator-shellcode.rules) * 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (indicator-shellcode.rules) * 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (pua-adware.rules) * 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (pua-adware.rules) * 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (browser-chrome.rules) * 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (app-detect.rules) * 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (app-detect.rules) * 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (malware-other.rules) * 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (malware-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules) * 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (exploit-kit.rules) * 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (malware-other.rules) * 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (os-linux.rules) * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (server-other.rules) * 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (server-other.rules) * 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (server-other.rules) * 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (indicator-shellcode.rules) * 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (indicator-shellcode.rules) * 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (indicator-shellcode.rules) * 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (indicator-shellcode.rules) * 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (indicator-shellcode.rules) * 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (indicator-shellcode.rules) * 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (indicator-shellcode.rules) * 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (indicator-shellcode.rules) * 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (indicator-shellcode.rules) * 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (indicator-shellcode.rules) * 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (indicator-shellcode.rules) * 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (indicator-shellcode.rules) * 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (indicator-shellcode.rules) * 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (indicator-shellcode.rules) * 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (indicator-shellcode.rules) * 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (indicator-shellcode.rules) * 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (indicator-shellcode.rules) * 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (indicator-shellcode.rules) * 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (indicator-shellcode.rules) * 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (indicator-shellcode.rules) * 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (indicator-shellcode.rules) * 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (indicator-shellcode.rules) * 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (indicator-shellcode.rules) * 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (indicator-shellcode.rules) * 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (indicator-shellcode.rules) * 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (indicator-shellcode.rules) * 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (indicator-shellcode.rules) * 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (indicator-shellcode.rules) * 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (indicator-shellcode.rules) * 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (indicator-shellcode.rules) * 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (indicator-shellcode.rules) * 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (indicator-shellcode.rules) * 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (indicator-shellcode.rules) * 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (indicator-shellcode.rules) * 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (indicator-shellcode.rules) * 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (indicator-shellcode.rules) * 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (indicator-shellcode.rules) * 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (indicator-shellcode.rules) * 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (indicator-shellcode.rules) * 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (indicator-shellcode.rules) * 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (indicator-shellcode.rules) * 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (indicator-shellcode.rules) * 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (indicator-shellcode.rules) * 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (indicator-shellcode.rules) * 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (indicator-shellcode.rules) * 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (indicator-shellcode.rules) * 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (indicator-shellcode.rules) * 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (indicator-shellcode.rules) * 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (indicator-shellcode.rules) * 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (indicator-shellcode.rules) * 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (indicator-shellcode.rules) * 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (indicator-shellcode.rules) * 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (indicator-shellcode.rules) * 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (indicator-shellcode.rules) * 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (indicator-shellcode.rules) * 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (indicator-shellcode.rules) * 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (indicator-shellcode.rules) * 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (indicator-shellcode.rules) * 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (indicator-shellcode.rules) * 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (indicator-shellcode.rules) * 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (indicator-shellcode.rules) * 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (indicator-shellcode.rules) * 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (indicator-shellcode.rules) * 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (indicator-shellcode.rules) * 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (indicator-shellcode.rules) * 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (indicator-shellcode.rules) * 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (indicator-shellcode.rules) * 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (indicator-shellcode.rules) * 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (indicator-shellcode.rules) * 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (indicator-shellcode.rules) * 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (indicator-shellcode.rules) * 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (indicator-shellcode.rules) * 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (indicator-shellcode.rules) * 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (indicator-shellcode.rules) * 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (indicator-shellcode.rules) * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (indicator-shellcode.rules) * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (indicator-shellcode.rules) * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (indicator-shellcode.rules) * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (indicator-shellcode.rules) * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (indicator-shellcode.rules) * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (indicator-shellcode.rules) * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules) * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (indicator-shellcode.rules) * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (indicator-shellcode.rules) * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (indicator-shellcode.rules) * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (indicator-shellcode.rules) * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (indicator-shellcode.rules) * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (indicator-shellcode.rules) * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules) * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (server-other.rules) * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join heap overflow attempt (server-other.rules) * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (server-other.rules) * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (server-other.rules) * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (protocol-scada.rules) * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (malware-other.rules) * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (pua-toolbars.rules) * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (exploit-kit.rules) * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30781 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30787 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30788 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules) * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (exploit-kit.rules) * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (app-detect.rules) * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (app-detect.rules) * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (app-detect.rules) * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (app-detect.rules) * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (app-detect.rules) * 1:30858 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (app-detect.rules) * 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (app-detect.rules) * 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (app-detect.rules) * 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (app-detect.rules) * 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (app-detect.rules) * 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (app-detect.rules) * 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (app-detect.rules) * 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (app-detect.rules) * 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (app-detect.rules) * 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (app-detect.rules) * 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (app-detect.rules) * 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (app-detect.rules) * 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (app-detect.rules) * 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (app-detect.rules) * 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (app-detect.rules) * 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (app-detect.rules) * 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (app-detect.rules) * 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (app-detect.rules) * 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (exploit-kit.rules) * 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (file-other.rules) * 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (exploit-kit.rules) * 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (pua-adware.rules) * 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (pua-adware.rules) * 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (exploit-kit.rules) * 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (exploit-kit.rules) * 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules) * 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (malware-backdoor.rules) * 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (server-mail.rules) * 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (exploit-kit.rules) * 1:30965 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (exploit-kit.rules) * 1:30967 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (exploit-kit.rules) * 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (exploit-kit.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:30975 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30976 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (server-other.rules) * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (pua-adware.rules) * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (protocol-scada.rules) * 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (pua-adware.rules) * 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (server-other.rules) * 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (pua-adware.rules) * 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (pua-adware.rules) * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules) * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules) * 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (pua-toolbars.rules) * 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (pua-toolbars.rules) * 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (pua-toolbars.rules) * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules) * 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (pua-adware.rules) * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules) * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules) * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules) * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules) * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules) * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules) * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (server-other.rules) * 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (indicator-compromise.rules) * 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (indicator-compromise.rules) * 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (os-windows.rules) * 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (exploit-kit.rules) * 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules) * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules) * 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules) * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules) * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules) * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (exploit-kit.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (exploit-kit.rules) * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules) * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules) * 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules) * 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (file-flash.rules) * 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31678 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules) * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules) * 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules) * 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules) * 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules) * 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (server-other.rules) * 1:31732 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (exploit-kit.rules) * 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (server-other.rules) * 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (malware-backdoor.rules) * 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (server-other.rules) * 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (server-other.rules) * 1:31769 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (exploit-kit.rules) * 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (exploit-kit.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (malware-other.rules) * 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31840 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules) * 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (server-other.rules) * 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (exploit-kit.rules) * 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (exploit-kit.rules) * 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (malware-other.rules) * 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules) * 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (malware-backdoor.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (file-flash.rules) * 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (pua-adware.rules) * 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (pua-adware.rules) * 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (pua-adware.rules) * 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (pua-adware.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32147 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32148 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32167 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules) * 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (malware-backdoor.rules) * 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (malware-backdoor.rules) * 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (malware-backdoor.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules) * 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules) * 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (pua-adware.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (file-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32387 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (exploit-kit.rules) * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32416 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (os-windows.rules) * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (os-windows.rules) * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32468 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32502 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (server-mysql.rules) * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (exploit-kit.rules) * 1:32558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32570 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules) * 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (protocol-tftp.rules) * 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (exploit-kit.rules) * 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (exploit-kit.rules) * 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (exploit-kit.rules) * 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (server-other.rules) * 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules) * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules) * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (server-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (server-other.rules) * 1:32749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32766 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (sql.rules) * 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (malware-other.rules) * 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (malware-other.rules) * 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (app-detect.rules) * 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (app-detect.rules) * 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (app-detect.rules) * 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (app-detect.rules) * 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (app-detect.rules) * 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (app-detect.rules) * 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (app-detect.rules) * 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (app-detect.rules) * 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (app-detect.rules) * 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (app-detect.rules) * 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (malware-tools.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32879 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (exploit-kit.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules) * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules) * 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules) * 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (malware-tools.rules) * 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (malware-tools.rules) * 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (malware-tools.rules) * 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules) * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (malware-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (exploit-kit.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (file-flash.rules) * 1:33176 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules) * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules) * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules) * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (indicator-compromise.rules) * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (indicator-compromise.rules) * 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33286 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (pua-adware.rules) * 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (pua-adware.rules) * 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (os-windows.rules) * 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (app-detect.rules) * 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (protocol-voip.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:33454 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (server-other.rules) * 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (server-mail.rules) * 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (file-other.rules) * 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold connection exhaustion denial of service attempt (server-other.rules) * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules) * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (browser-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (file-other.rules) * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (server-other.rules) * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (os-windows.rules) * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (server-other.rules) * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (server-mail.rules) * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (server-other.rules) * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (server-other.rules) * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (server-other.rules) * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (server-mail.rules) * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33823 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (malware-backdoor.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (malware-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (server-other.rules) * 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules) * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules) * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules) * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules) * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules) * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules) * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules) * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules) * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules) * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules) * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (pua-adware.rules) * 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (pua-adware.rules) * 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (pua-adware.rules) * 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (pua-adware.rules) * 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules) * 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules) * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules) * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (sql.rules) * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (server-other.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules) * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (server-other.rules) * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules) * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules) * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules) * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules) * 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules) * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules) * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules) * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules) * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules) * 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules) * 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules) * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules) * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules) * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules) * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules) * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (server-other.rules) * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (pua-adware.rules) * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (server-other.rules) * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt (server-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35045 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (exploit-kit.rules) * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (exploit-kit.rules) * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules) * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules) * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (file-office.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules) * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (file-office.rules) * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules) * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules) * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules) * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules) * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules) * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (browser-chrome.rules) * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (exploit-kit.rules) * 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules) * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection (malware-backdoor.rules) * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection (malware-backdoor.rules) * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (server-other.rules) * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (server-other.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules) * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules) * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules) * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules) * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules) * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules) * 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules) * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (server-other.rules) * 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (server-other.rules) * 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (server-other.rules) * 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (server-other.rules) * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36315 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (file-flash.rules) * 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (file-flash.rules) * 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules) * 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules) * 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules) * 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (server-other.rules) * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (server-other.rules) * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (server-other.rules) * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36500 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (exploit-kit.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (exploit-kit.rules) * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (os-windows.rules) * 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (os-windows.rules) * 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules) * 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (server-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (server-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules) * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (app-detect.rules) * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (os-windows.rules) * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules) * 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (app-detect.rules) * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules) * 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (app-detect.rules) * 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (app-detect.rules) * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (file-office.rules) * 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (file-office.rules) * 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (browser-chrome.rules) * 1:37328 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37330 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37333 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37334 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37335 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37336 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37337 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37338 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37339 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37340 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37341 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37342 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (app-detect.rules) * 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (exploit-kit.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules) * 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (server-mail.rules) * 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (server-other.rules) * 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (server-other.rules) * 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (malware-backdoor.rules) * 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (file-identify.rules) * 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (browser-firefox.rules) * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (indicator-shellcode.rules) * 1:37619 <-> DISABLED <-> SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (server-other.rules) * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (pua-adware.rules) * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (pua-adware.rules) * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (pua-adware.rules) * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (sql.rules) * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (sql.rules) * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (file-other.rules) * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (malware-tools.rules) * 1:37654 <-> DISABLED <-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (os-linux.rules) * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules) * 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (server-other.rules) * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (exploit-kit.rules) * 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (browser-other.rules) * 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (server-mail.rules) * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules) * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (server-other.rules) * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response (server-apache.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (netbios.rules) * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (netbios.rules) * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (netbios.rules) * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (netbios.rules) * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38327 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (malware-backdoor.rules) * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (malware-backdoor.rules) * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (server-other.rules) * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules) * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules) * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules) * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules) * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (server-other.rules) * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules) * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules) * 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (app-detect.rules) * 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (indicator-obfuscation.rules) * 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules) * 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (exploit-kit.rules) * 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (server-other.rules) * 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (indicator-compromise.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules) * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules) * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (file-other.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (indicator-obfuscation.rules) * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (malware-tools.rules) * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules) * 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules) * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules) * 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (malware-other.rules) * 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (malware-other.rules) * 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules) * 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (protocol-ftp.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (pua-other.rules) * 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules) * 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (indicator-compromise.rules) * 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (server-mssql.rules) * 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (protocol-tftp.rules) * 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (protocol-tftp.rules) * 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (protocol-tftp.rules) * 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules) * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules) * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (malware-other.rules) * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (malware-tools.rules) * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (pua-adware.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (malware-other.rules) * 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (indicator-compromise.rules) * 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (malware-other.rules) * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (pua-adware.rules) * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules) * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules) * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules) * 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39799 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (malware-other.rules) * 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (malware-other.rules) * 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules) * 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (pua-adware.rules) * 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules) * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (malware-other.rules) * 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (malware-other.rules) * 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (malware-other.rules) * 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (malware-other.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules) * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules) * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules) * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules) * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (pua-adware.rules) * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules) * 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules) * 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40171 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (exploit-kit.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (pua-adware.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt (server-other.rules) * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (pua-adware.rules) * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (sql.rules) * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential disclosure attempt (server-apache.rules) * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (server-other.rules) * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (server-other.rules) * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (server-other.rules) * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (server-other.rules) * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (protocol-scada.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (server-other.rules) * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (protocol-ftp.rules) * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (browser-other.rules) * 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (pua-adware.rules) * 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (browser-other.rules) * 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (pua-adware.rules) * 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules) * 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules) * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (indicator-compromise.rules) * 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (indicator-compromise.rules) * 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (indicator-compromise.rules) * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (server-other.rules) * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (pua-adware.rules) * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (server-other.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (pua-adware.rules) * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (pua-adware.rules) * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (pua-other.rules) * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (pua-other.rules) * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (pua-other.rules) * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (malware-other.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (os-windows.rules) * 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules) * 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules) * 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules) * 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules) * 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules) * 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules) * 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules) * 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules) * 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules) * 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules) * 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules) * 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules) * 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules) * 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules) * 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules) * 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules) * 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules) * 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules) * 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules) * 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules) * 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules) * 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules) * 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules) * 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules) * 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules) * 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules) * 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules) * 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules) * 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules) * 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules) * 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules) * 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules) * 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules) * 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules) * 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (server-other.rules) * 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (protocol-scada.rules) * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules) * 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (os-windows.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules) * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (server-other.rules) * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules) * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules) * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules) * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (file-office.rules) * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (file-office.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules) * 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (protocol-scada.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (server-other.rules) * 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules) * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (server-other.rules) * 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (protocol-scada.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (protocol-scada.rules) * 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (protocol-scada.rules) * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules) * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules) * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (file-other.rules) * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (file-other.rules) * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules) * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (protocol-scada.rules) * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (protocol-scada.rules) * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (protocol-scada.rules) * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules) * 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (server-other.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (server-other.rules) * 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (file-office.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (file-other.rules) * 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (file-other.rules) * 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (protocol-scada.rules) * 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (indicator-scan.rules) * 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (server-other.rules) * 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password retrieval attempt (protocol-scada.rules) * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (os-windows.rules) * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (file-identify.rules) * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules) * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules) * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules) * 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (indicator-compromise.rules) * 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (sql.rules) * 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (indicator-compromise.rules) * 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (indicator-compromise.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (indicator-compromise.rules) * 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (server-other.rules) * 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (protocol-scada.rules) * 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (protocol-scada.rules) * 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (server-other.rules) * 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (protocol-scada.rules) * 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (server-other.rules) * 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (protocol-scada.rules) * 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (server-mail.rules) * 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (protocol-scada.rules) * 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:43221 <-> ENABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (protocol-scada.rules) * 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (protocol-scada.rules) * 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (protocol-ftp.rules) * 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (server-apache.rules) * 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (protocol-scada.rules) * 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (protocol-scada.rules) * 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules) * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules) * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules) * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules) * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules) * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules) * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (server-other.rules) * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (server-other.rules) * 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules) * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (app-detect.rules) * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (server-other.rules) * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (server-other.rules) * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (indicator-compromise.rules) * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (server-other.rules) * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (file-other.rules) * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (server-other.rules) * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules) * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules) * 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (browser-firefox.rules) * 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (browser-firefox.rules) * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules) * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules) * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules) * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules) * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules) * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules) * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules) * 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (server-other.rules) * 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (server-other.rules) * 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (server-other.rules) * 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (server-other.rules) * 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (protocol-nntp.rules) * 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (browser-firefox.rules) * 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (malware-backdoor.rules) * 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules) * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules) * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (protocol-other.rules) * 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (file-other.rules) * 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules) * 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (file-other.rules) * 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (protocol-scada.rules) * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules) * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules) * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules) * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules) * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (malware-tools.rules) * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (server-other.rules) * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44109 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44124 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (server-other.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (server-other.rules) * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (indicator-obfuscation.rules) * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules) * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (file-image.rules) * 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (server-other.rules) * 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (file-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (file-other.rules) * 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules) * 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (file-image.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (protocol-scada.rules) * 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules) * 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules) * 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (server-other.rules) * 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules) * 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (server-other.rules) * 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (server-apache.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (server-other.rules) * 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (malware-other.rules) * 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (malware-other.rules) * 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (pua-adware.rules) * 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (protocol-dns.rules) * 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (server-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (server-other.rules) * 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (server-other.rules) * 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (server-other.rules) * 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (server-other.rules) * 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (indicator-obfuscation.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (netbios.rules) * 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (server-other.rules) * 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (server-other.rules) * 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules) * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules) * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (server-other.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules) * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (indicator-compromise.rules) * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44839 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (server-other.rules) * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (pua-toolbars.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (server-other.rules) * 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (server-samba.rules) * 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (server-samba.rules) * 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (server-samba.rules) * 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (server-samba.rules) * 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (protocol-scada.rules) * 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (protocol-rpc.rules) * 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (protocol-scada.rules) * 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules) * 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules) * 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules) * 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules) * 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules) * 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (server-other.rules) * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (server-other.rules) * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules) * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules) * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules) * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules) * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules) * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules) * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules) * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules) * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules) * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules) * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules) * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules) * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules) * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules) * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules) * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules) * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45545 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Mughthesec outbound connection attempt (pua-adware.rules) * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules) * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (protocol-tftp.rules) * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (protocol-scada.rules) * 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (exploit-kit.rules) * 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules) * 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules) * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules) * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules) * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules) * 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules) * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules) * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (pua-other.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules) * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (indicator-compromise.rules) * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (server-other.rules) * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (server-other.rules) * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (server-other.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (netbios.rules) * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (os-windows.rules) * 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (pua-other.rules) * 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules) * 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (server-mail.rules) * 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (server-other.rules) * 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (indicator-compromise.rules) * 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (indicator-compromise.rules) * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (indicator-compromise.rules) * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules) * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (indicator-compromise.rules) * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (indicator-compromise.rules) * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules) * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (file-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules) * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules) * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules) * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules) * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (server-other.rules) * 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (server-other.rules) * 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules) * 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (server-other.rules) * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules) * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (server-other.rules) * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (indicator-compromise.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules) * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules) * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules) * 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules) * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request (protocol-scada.rules) * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request (protocol-scada.rules) * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request (protocol-scada.rules) * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request (protocol-scada.rules) * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request (protocol-scada.rules) * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request (protocol-scada.rules) * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request (protocol-scada.rules) * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII request (protocol-scada.rules) * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request (protocol-scada.rules) * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request (protocol-scada.rules) * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request (protocol-scada.rules) * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request (protocol-scada.rules) * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request (protocol-scada.rules) * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request (protocol-scada.rules) * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request (protocol-scada.rules) * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request (protocol-scada.rules) * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request (protocol-scada.rules) * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request (protocol-scada.rules) * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request (protocol-scada.rules) * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request (protocol-scada.rules) * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request (protocol-scada.rules) * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request (protocol-scada.rules) * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request (protocol-scada.rules) * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request (protocol-scada.rules) * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (protocol-scada.rules) * 1:49009 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (protocol-scada.rules) * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (protocol-scada.rules) * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (protocol-scada.rules) * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (protocol-scada.rules) * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (protocol-scada.rules) * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (protocol-scada.rules) * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (protocol-scada.rules) * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (protocol-scada.rules) * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (protocol-scada.rules) * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (protocol-scada.rules) * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (protocol-scada.rules) * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (protocol-scada.rules) * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (protocol-scada.rules) * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (protocol-scada.rules) * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (protocol-scada.rules) * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (protocol-scada.rules) * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (protocol-scada.rules) * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply (protocol-scada.rules) * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (protocol-scada.rules) * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (protocol-scada.rules) * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (protocol-scada.rules) * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (protocol-scada.rules) * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (protocol-scada.rules) * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (protocol-scada.rules) * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (protocol-scada.rules) * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules) * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules) * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules) * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules) * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules) * 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)
* 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (indicator-obfuscation.rules) * 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (app-detect.rules) * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules) * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules) * 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (server-other.rules) * 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules) * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules) * 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (exploit-kit.rules) * 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules) * 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (server-other.rules) * 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (indicator-compromise.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules) * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (file-other.rules) * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (indicator-obfuscation.rules) * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (malware-tools.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (pua-other.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (protocol-ftp.rules) * 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules) * 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (malware-other.rules) * 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (malware-other.rules) * 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules) * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules) * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules) * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules) * 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (protocol-tftp.rules) * 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (protocol-tftp.rules) * 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (protocol-tftp.rules) * 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (server-mssql.rules) * 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (indicator-compromise.rules) * 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules) * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules) * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (malware-tools.rules) * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (malware-other.rules) * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (pua-adware.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (malware-other.rules) * 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (indicator-compromise.rules) * 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (malware-other.rules) * 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (pua-adware.rules) * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules) * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules) * 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (pua-adware.rules) * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules) * 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (malware-other.rules) * 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (malware-other.rules) * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39799 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (pua-adware.rules) * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules) * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules) * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (malware-other.rules) * 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (malware-other.rules) * 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (malware-other.rules) * 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (malware-other.rules) * 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules) * 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules) * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules) * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules) * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules) * 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules) * 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40171 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (exploit-kit.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (pua-adware.rules) * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (sql.rules) * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (pua-adware.rules) * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt (server-other.rules) * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (browser-other.rules) * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (protocol-ftp.rules) * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (server-other.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (protocol-scada.rules) * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (server-other.rules) * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (server-other.rules) * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (server-other.rules) * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (server-other.rules) * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential disclosure attempt (server-apache.rules) * 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules) * 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules) * 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (pua-adware.rules) * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (browser-other.rules) * 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (pua-adware.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (server-other.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (pua-adware.rules) * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (server-other.rules) * 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (indicator-compromise.rules) * 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (indicator-compromise.rules) * 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (indicator-compromise.rules) * 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (malware-other.rules) * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (pua-other.rules) * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (pua-other.rules) * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (pua-other.rules) * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (pua-adware.rules) * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (pua-adware.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules) * 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules) * 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules) * 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules) * 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules) * 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules) * 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules) * 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules) * 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules) * 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules) * 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules) * 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (os-windows.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules) * 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules) * 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules) * 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules) * 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules) * 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules) * 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules) * 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules) * 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules) * 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules) * 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules) * 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules) * 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules) * 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules) * 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules) * 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules) * 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules) * 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules) * 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules) * 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules) * 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (protocol-scada.rules) * 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (server-other.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules) * 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules) * 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules) * 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules) * 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules) * 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules) * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (server-other.rules) * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (os-windows.rules) * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (file-office.rules) * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (file-office.rules) * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules) * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (server-other.rules) * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (server-other.rules) * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (malware-backdoor.rules) * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (malware-backdoor.rules) * 1:38327 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules) * 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules) * 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (browser-chrome.rules) * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules) * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules) * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules) * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules) * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules) * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules) * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (indicator-compromise.rules) * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (server-other.rules) * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (server-other.rules) * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (server-other.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (netbios.rules) * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (os-windows.rules) * 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (pua-other.rules) * 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules) * 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (server-mail.rules) * 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (server-other.rules) * 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (indicator-compromise.rules) * 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (indicator-compromise.rules) * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (exploit-kit.rules) * 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection (malware-backdoor.rules) * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection (malware-backdoor.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules) * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules) * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (server-other.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (server-other.rules) * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules) * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules) * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules) * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules) * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (server-other.rules) * 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (server-other.rules) * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (server-other.rules) * 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules) * 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (file-flash.rules) * 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (file-flash.rules) * 1:36315 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (server-other.rules) * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules) * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules) * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (server-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (server-other.rules) * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (server-other.rules) * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules) * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (exploit-kit.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (exploit-kit.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36500 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (os-windows.rules) * 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (os-windows.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules) * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (server-other.rules) * 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (server-other.rules) * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules) * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (os-windows.rules) * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (app-detect.rules) * 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules) * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (app-detect.rules) * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules) * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (app-detect.rules) * 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (app-detect.rules) * 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (file-office.rules) * 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (file-office.rules) * 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (browser-chrome.rules) * 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37330 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37328 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:37333 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (server-other.rules) * 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (server-mail.rules) * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules) * 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (exploit-kit.rules) * 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (app-detect.rules) * 1:37342 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37341 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37340 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37339 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37338 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37337 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37336 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37335 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37334 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (browser-firefox.rules) * 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (file-identify.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (malware-backdoor.rules) * 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (server-other.rules) * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (pua-adware.rules) * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (pua-adware.rules) * 1:37619 <-> DISABLED <-> SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (server-other.rules) * 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (indicator-shellcode.rules) * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (sql.rules) * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (sql.rules) * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (pua-adware.rules) * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:37654 <-> DISABLED <-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (os-linux.rules) * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (malware-tools.rules) * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (file-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (server-other.rules) * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules) * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules) * 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (exploit-kit.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (server-mail.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (browser-other.rules) * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules) * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (netbios.rules) * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (netbios.rules) * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (netbios.rules) * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (netbios.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response (server-apache.rules) * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules) * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (protocol-scada.rules) * 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (server-other.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules) * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules) * 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (server-other.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (protocol-scada.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules) * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules) * 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules) * 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (protocol-scada.rules) * 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (protocol-scada.rules) * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (file-other.rules) * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (file-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules) * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (protocol-scada.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules) * 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (file-office.rules) * 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (server-other.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (server-other.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules) * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (protocol-scada.rules) * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (protocol-scada.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (file-other.rules) * 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (file-other.rules) * 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (protocol-scada.rules) * 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (indicator-scan.rules) * 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (indicator-compromise.rules) * 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (server-other.rules) * 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password retrieval attempt (protocol-scada.rules) * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (os-windows.rules) * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (file-identify.rules) * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules) * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules) * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules) * 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (indicator-compromise.rules) * 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (sql.rules) * 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (indicator-compromise.rules) * 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (indicator-compromise.rules) * 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (server-other.rules) * 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (protocol-scada.rules) * 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (protocol-scada.rules) * 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (server-other.rules) * 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (protocol-scada.rules) * 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (server-other.rules) * 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (protocol-scada.rules) * 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (app-detect.rules) * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (server-other.rules) * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (server-other.rules) * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (indicator-compromise.rules) * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (server-other.rules) * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (file-other.rules) * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (server-other.rules) * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules) * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules) * 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (browser-firefox.rules) * 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (browser-firefox.rules) * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules) * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules) * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules) * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules) * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules) * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules) * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules) * 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (server-other.rules) * 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (server-other.rules) * 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (server-other.rules) * 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (server-other.rules) * 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (protocol-nntp.rules) * 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (browser-firefox.rules) * 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (malware-backdoor.rules) * 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (server-mail.rules) * 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (protocol-scada.rules) * 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:43221 <-> ENABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (protocol-scada.rules) * 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (protocol-scada.rules) * 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (protocol-ftp.rules) * 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (server-apache.rules) * 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (protocol-scada.rules) * 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (protocol-scada.rules) * 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules) * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules) * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules) * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules) * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules) * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules) * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (server-other.rules) * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (server-other.rules) * 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules) * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules) * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules) * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (protocol-other.rules) * 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (file-other.rules) * 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules) * 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (file-other.rules) * 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (protocol-scada.rules) * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules) * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules) * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules) * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules) * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (malware-tools.rules) * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (server-other.rules) * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44109 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44124 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (server-other.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (server-other.rules) * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (indicator-obfuscation.rules) * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules) * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (file-image.rules) * 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (server-other.rules) * 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (file-other.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (file-other.rules) * 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules) * 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (file-image.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (protocol-scada.rules) * 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules) * 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules) * 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (server-other.rules) * 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules) * 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (server-other.rules) * 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (server-apache.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (server-other.rules) * 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (malware-other.rules) * 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (malware-other.rules) * 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (pua-adware.rules) * 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (protocol-dns.rules) * 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (server-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (server-other.rules) * 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (server-other.rules) * 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (server-other.rules) * 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (server-other.rules) * 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (indicator-obfuscation.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (netbios.rules) * 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (server-other.rules) * 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (server-other.rules) * 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules) * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules) * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (server-other.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules) * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (indicator-compromise.rules) * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44839 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (server-other.rules) * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (pua-toolbars.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (server-other.rules) * 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (server-samba.rules) * 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (server-samba.rules) * 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (server-samba.rules) * 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (server-samba.rules) * 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (protocol-scada.rules) * 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (protocol-rpc.rules) * 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (protocol-scada.rules) * 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules) * 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules) * 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules) * 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules) * 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules) * 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (server-other.rules) * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (server-other.rules) * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules) * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules) * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules) * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules) * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules) * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules) * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules) * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules) * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules) * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules) * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules) * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules) * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules) * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules) * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules) * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules) * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45545 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Mughthesec outbound connection attempt (pua-adware.rules) * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules) * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (protocol-tftp.rules) * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (protocol-scada.rules) * 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (exploit-kit.rules) * 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules) * 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules) * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules) * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules) * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules) * 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules) * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules) * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (pua-other.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (indicator-compromise.rules) * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules) * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (indicator-compromise.rules) * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (indicator-compromise.rules) * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules) * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (file-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules) * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules) * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules) * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules) * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (server-other.rules) * 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (server-other.rules) * 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules) * 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (server-other.rules) * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules) * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (server-other.rules) * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (indicator-compromise.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules) * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules) * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules) * 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules) * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules) * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request (protocol-scada.rules) * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request (protocol-scada.rules) * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request (protocol-scada.rules) * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request (protocol-scada.rules) * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request (protocol-scada.rules) * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request (protocol-scada.rules) * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request (protocol-scada.rules) * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII request (protocol-scada.rules) * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request (protocol-scada.rules) * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request (protocol-scada.rules) * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request (protocol-scada.rules) * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request (protocol-scada.rules) * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request (protocol-scada.rules) * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request (protocol-scada.rules) * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request (protocol-scada.rules) * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request (protocol-scada.rules) * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request (protocol-scada.rules) * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request (protocol-scada.rules) * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request (protocol-scada.rules) * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request (protocol-scada.rules) * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request (protocol-scada.rules) * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request (protocol-scada.rules) * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request (protocol-scada.rules) * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request (protocol-scada.rules) * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (protocol-scada.rules) * 1:49009 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (protocol-scada.rules) * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (protocol-scada.rules) * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (protocol-scada.rules) * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (protocol-scada.rules) * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (protocol-scada.rules) * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (protocol-scada.rules) * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (protocol-scada.rules) * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (protocol-scada.rules) * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (protocol-scada.rules) * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (protocol-scada.rules) * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (protocol-scada.rules) * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (protocol-scada.rules) * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (protocol-scada.rules) * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (protocol-scada.rules) * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (protocol-scada.rules) * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (protocol-scada.rules) * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (protocol-scada.rules) * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply (protocol-scada.rules) * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (protocol-scada.rules) * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (protocol-scada.rules) * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (protocol-scada.rules) * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (protocol-scada.rules) * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (protocol-scada.rules) * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (protocol-scada.rules) * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (protocol-scada.rules) * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules) * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules) * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules) * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (server-other.rules) * 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules) * 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules) * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (exploit-kit.rules) * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (exploit-kit.rules) * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules) * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules) * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules) * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules) * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (exploit-kit.rules) * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules) * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules) * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules) * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules) * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (exploit-kit.rules) * 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:27005 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (exploit-kit.rules) * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules) * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules) * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (os-mobile.rules) * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (os-mobile.rules) * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (os-mobile.rules) * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (os-mobile.rules) * 1:27046 <-> DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (app-detect.rules) * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (indicator-compromise.rules) * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (malware-other.rules) * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (malware-other.rules) * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile device information leakage (os-mobile.rules) * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (exploit-kit.rules) * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (exploit-kit.rules) * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (exploit-kit.rules) * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (exploit-kit.rules) * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (exploit-kit.rules) * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (exploit-kit.rules) * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (exploit-kit.rules) * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (os-mobile.rules) * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (os-mobile.rules) * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (os-mobile.rules) * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (os-mobile.rules) * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (os-mobile.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules) * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (exploit-kit.rules) * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules) * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (os-mobile.rules) * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms message leakage (os-mobile.rules) * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (os-mobile.rules) * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (indicator-obfuscation.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules) * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules) * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (malware-other.rules) * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (malware-other.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules) * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules) * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (exploit-kit.rules) * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (malware-other.rules) * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (indicator-compromise.rules) * 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (server-other.rules) * 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (server-other.rules) * 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (exploit-kit.rules) * 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules) * 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (app-detect.rules) * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules) * 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (app-detect.rules) * 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (app-detect.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules) * 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (malware-other.rules) * 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules) * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules) * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules) * 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (malware-other.rules) * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules) * 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (policy-spam.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules) * 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules) * 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (os-windows.rules) * 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (app-detect.rules) * 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (app-detect.rules) * 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (app-detect.rules) * 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (exploit-kit.rules) * 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (indicator-compromise.rules) * 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (os-mobile.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules) * 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (exploit-kit.rules) * 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (exploit-kit.rules) * 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (exploit-kit.rules) * 1:27739 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (exploit-kit.rules) * 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27764 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (exploit-kit.rules) * 1:27786 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules) * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (exploit-kit.rules) * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (exploit-kit.rules) * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (pua-adware.rules) * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (pua-adware.rules) * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (pua-adware.rules) * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (pua-toolbars.rules) * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (pua-toolbars.rules) * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules) * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (app-detect.rules) * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (app-detect.rules) * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (app-detect.rules) * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (app-detect.rules) * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (app-detect.rules) * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (app-detect.rules) * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (app-detect.rules) * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (app-detect.rules) * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (app-detect.rules) * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (app-detect.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules) * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules) * 1:27936 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (exploit-kit.rules) * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (protocol-dns.rules) * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (app-detect.rules) * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (app-detect.rules) * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (app-detect.rules) * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (app-detect.rules) * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (app-detect.rules) * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (app-detect.rules) * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (app-detect.rules) * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (app-detect.rules) * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (app-detect.rules) * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (app-detect.rules) * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (app-detect.rules) * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (app-detect.rules) * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (app-detect.rules) * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (app-detect.rules) * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (indicator-scan.rules) * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (indicator-scan.rules) * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (malware-other.rules) * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (exploit-kit.rules) * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (exploit-kit.rules) * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (exploit-kit.rules) * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (os-mobile.rules) * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules) * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules) * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (app-detect.rules) * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (app-detect.rules) * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (app-detect.rules) * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (app-detect.rules) * 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules) * 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (server-other.rules) * 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (server-other.rules) * 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (exploit-kit.rules) * 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (pua-adware.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (server-other.rules) * 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (pua-adware.rules) * 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules) * 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (exploit-kit.rules) * 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (server-other.rules) * 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (exploit-kit.rules) * 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules) * 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (app-detect.rules) * 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules) * 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (exploit-kit.rules) * 1:28265 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (exploit-kit.rules) * 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (protocol-icmp.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules) * 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (exploit-kit.rules) * 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules) * 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules) * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules) * 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (malware-other.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules) * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (exploit-kit.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (exploit-kit.rules) * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (malware-other.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (pua-adware.rules) * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (malware-tools.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port (indicator-scan.rules) * 1:28555 <-> DISABLED <-> MALWARE-OTHER SQL Slammer worm propagation attempt inbound (malware-other.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (exploit-kit.rules) * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28601 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (exploit-kit.rules) * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (exploit-kit.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (exploit-kit.rules) * 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (exploit-kit.rules) * 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (exploit-kit.rules) * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (pua-adware.rules) * 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (malware-backdoor.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules) * 1:28926 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (pua-adware.rules) * 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (indicator-compromise.rules) * 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (exploit-kit.rules) * 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (exploit-kit.rules) * 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (exploit-kit.rules) * 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (exploit-kit.rules) * 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (exploit-kit.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules) * 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29025 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29051 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Descrantol variant data exfiltration attempt (malware-backdoor.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (malware-backdoor.rules) * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (malware-tools.rules) * 1:29124 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.InstallMonster variant outbound connection (malware-other.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (exploit-kit.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (exploit-kit.rules) * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (exploit-kit.rules) * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules) * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules) * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules) * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules) * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules) * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules) * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules) * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules) * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules) * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules) * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (protocol-scada.rules) * 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (protocol-scada.rules) * 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (protocol-scada.rules) * 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (protocol-scada.rules) * 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (protocol-scada.rules) * 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (protocol-scada.rules) * 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (app-detect.rules) * 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (app-detect.rules) * 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (pua-p2p.rules) * 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (exploit-kit.rules) * 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (malware-other.rules) * 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (app-detect.rules) * 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (server-other.rules) * 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules) * 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules) * 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules) * 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules) * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules) * 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (exploit-kit.rules) * 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (protocol-icmp.rules) * 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (protocol-icmp.rules) * 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (protocol-icmp.rules) * 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (protocol-icmp.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (pua-adware.rules) * 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (pua-adware.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (os-other.rules) * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (server-iis.rules) * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (indicator-obfuscation.rules) * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules) * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (server-other.rules) * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (server-other.rules) * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (server-other.rules) * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (indicator-obfuscation.rules) * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules) * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (exploit-kit.rules) * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules) * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (malware-backdoor.rules) * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (server-apache.rules) * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (malware-other.rules) * 1:29926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:29938 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (server-other.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules) * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (server-other.rules) * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (server-other.rules) * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (protocol-scada.rules) * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules) * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (protocol-scada.rules) * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (protocol-scada.rules) * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (pua-adware.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules) * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (exploit-kit.rules) * 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (malware-other.rules) * 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (malware-other.rules) * 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (app-detect.rules) * 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (server-mail.rules) * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (indicator-shellcode.rules) * 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (indicator-shellcode.rules) * 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (indicator-shellcode.rules) * 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (pua-adware.rules) * 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (pua-adware.rules) * 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (browser-chrome.rules) * 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (app-detect.rules) * 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (app-detect.rules) * 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (malware-other.rules) * 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (malware-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules) * 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (exploit-kit.rules) * 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (malware-other.rules) * 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (os-linux.rules) * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (server-other.rules) * 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (server-other.rules) * 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (server-other.rules) * 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (indicator-shellcode.rules) * 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (indicator-shellcode.rules) * 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (indicator-shellcode.rules) * 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (indicator-shellcode.rules) * 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (indicator-shellcode.rules) * 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (indicator-shellcode.rules) * 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (indicator-shellcode.rules) * 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (indicator-shellcode.rules) * 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (indicator-shellcode.rules) * 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (indicator-shellcode.rules) * 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (indicator-shellcode.rules) * 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (indicator-shellcode.rules) * 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (indicator-shellcode.rules) * 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (indicator-shellcode.rules) * 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (indicator-shellcode.rules) * 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (indicator-shellcode.rules) * 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (indicator-shellcode.rules) * 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (indicator-shellcode.rules) * 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (indicator-shellcode.rules) * 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (indicator-shellcode.rules) * 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (indicator-shellcode.rules) * 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (indicator-shellcode.rules) * 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (indicator-shellcode.rules) * 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (indicator-shellcode.rules) * 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (indicator-shellcode.rules) * 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (indicator-shellcode.rules) * 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (indicator-shellcode.rules) * 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (indicator-shellcode.rules) * 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (indicator-shellcode.rules) * 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (indicator-shellcode.rules) * 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (indicator-shellcode.rules) * 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (indicator-shellcode.rules) * 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (indicator-shellcode.rules) * 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (indicator-shellcode.rules) * 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (indicator-shellcode.rules) * 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (indicator-shellcode.rules) * 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (indicator-shellcode.rules) * 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (indicator-shellcode.rules) * 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (indicator-shellcode.rules) * 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (indicator-shellcode.rules) * 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (indicator-shellcode.rules) * 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (indicator-shellcode.rules) * 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (indicator-shellcode.rules) * 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (indicator-shellcode.rules) * 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (indicator-shellcode.rules) * 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (indicator-shellcode.rules) * 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (indicator-shellcode.rules) * 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (indicator-shellcode.rules) * 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (indicator-shellcode.rules) * 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (indicator-shellcode.rules) * 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (indicator-shellcode.rules) * 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (indicator-shellcode.rules) * 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (indicator-shellcode.rules) * 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (indicator-shellcode.rules) * 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (indicator-shellcode.rules) * 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (indicator-shellcode.rules) * 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (indicator-shellcode.rules) * 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (indicator-shellcode.rules) * 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (indicator-shellcode.rules) * 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (indicator-shellcode.rules) * 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (indicator-shellcode.rules) * 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (indicator-shellcode.rules) * 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (indicator-shellcode.rules) * 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (indicator-shellcode.rules) * 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (indicator-shellcode.rules) * 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (indicator-shellcode.rules) * 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (indicator-shellcode.rules) * 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (indicator-shellcode.rules) * 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (indicator-shellcode.rules) * 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (indicator-shellcode.rules) * 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (indicator-shellcode.rules) * 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (indicator-shellcode.rules) * 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (indicator-shellcode.rules) * 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (indicator-shellcode.rules) * 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (indicator-shellcode.rules) * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (indicator-shellcode.rules) * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (indicator-shellcode.rules) * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (indicator-shellcode.rules) * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (indicator-shellcode.rules) * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (indicator-shellcode.rules) * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (indicator-shellcode.rules) * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules) * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (indicator-shellcode.rules) * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (indicator-shellcode.rules) * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (indicator-shellcode.rules) * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (indicator-shellcode.rules) * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (indicator-shellcode.rules) * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (indicator-shellcode.rules) * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules) * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (server-other.rules) * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join heap overflow attempt (server-other.rules) * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (server-other.rules) * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (server-other.rules) * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (protocol-scada.rules) * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (malware-other.rules) * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (pua-toolbars.rules) * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (exploit-kit.rules) * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30781 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30787 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30788 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules) * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (exploit-kit.rules) * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (app-detect.rules) * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (app-detect.rules) * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (app-detect.rules) * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (app-detect.rules) * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (app-detect.rules) * 1:30858 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (app-detect.rules) * 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (app-detect.rules) * 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (app-detect.rules) * 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (app-detect.rules) * 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (app-detect.rules) * 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (app-detect.rules) * 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (app-detect.rules) * 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (app-detect.rules) * 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (app-detect.rules) * 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (app-detect.rules) * 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (app-detect.rules) * 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (app-detect.rules) * 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (app-detect.rules) * 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (app-detect.rules) * 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (app-detect.rules) * 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (app-detect.rules) * 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (app-detect.rules) * 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (app-detect.rules) * 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (exploit-kit.rules) * 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (file-other.rules) * 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (exploit-kit.rules) * 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (pua-adware.rules) * 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (pua-adware.rules) * 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (exploit-kit.rules) * 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (exploit-kit.rules) * 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules) * 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (malware-backdoor.rules) * 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (server-mail.rules) * 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (exploit-kit.rules) * 1:30965 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (exploit-kit.rules) * 1:30967 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (exploit-kit.rules) * 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (exploit-kit.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:30975 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30976 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (server-other.rules) * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (pua-adware.rules) * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (protocol-scada.rules) * 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (pua-adware.rules) * 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (server-other.rules) * 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (pua-adware.rules) * 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (pua-adware.rules) * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules) * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules) * 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (pua-toolbars.rules) * 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (pua-toolbars.rules) * 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (pua-toolbars.rules) * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules) * 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (pua-adware.rules) * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules) * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules) * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules) * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules) * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules) * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules) * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (server-other.rules) * 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (indicator-compromise.rules) * 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (indicator-compromise.rules) * 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (os-windows.rules) * 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (exploit-kit.rules) * 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules) * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules) * 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules) * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules) * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules) * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (exploit-kit.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (exploit-kit.rules) * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules) * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules) * 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules) * 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (file-flash.rules) * 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31678 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules) * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules) * 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules) * 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules) * 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules) * 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (server-other.rules) * 1:31732 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (exploit-kit.rules) * 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (server-other.rules) * 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (malware-backdoor.rules) * 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (server-other.rules) * 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (server-other.rules) * 1:31769 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (exploit-kit.rules) * 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (exploit-kit.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (malware-other.rules) * 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31840 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules) * 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (server-other.rules) * 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (exploit-kit.rules) * 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (exploit-kit.rules) * 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (malware-other.rules) * 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules) * 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (malware-backdoor.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (file-flash.rules) * 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (pua-adware.rules) * 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (pua-adware.rules) * 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (pua-adware.rules) * 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (pua-adware.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32147 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32148 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32167 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules) * 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (malware-backdoor.rules) * 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (malware-backdoor.rules) * 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (malware-backdoor.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules) * 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules) * 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (pua-adware.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (file-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32387 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (exploit-kit.rules) * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32416 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (os-windows.rules) * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (os-windows.rules) * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32468 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32502 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (server-mysql.rules) * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (exploit-kit.rules) * 1:32558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32570 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules) * 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (protocol-tftp.rules) * 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (exploit-kit.rules) * 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (exploit-kit.rules) * 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (exploit-kit.rules) * 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (server-other.rules) * 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules) * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules) * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (server-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (server-other.rules) * 1:32749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32766 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (sql.rules) * 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (malware-other.rules) * 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (malware-other.rules) * 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (app-detect.rules) * 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (app-detect.rules) * 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (app-detect.rules) * 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (app-detect.rules) * 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (app-detect.rules) * 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (app-detect.rules) * 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (app-detect.rules) * 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (app-detect.rules) * 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (app-detect.rules) * 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (app-detect.rules) * 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (malware-tools.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32879 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (exploit-kit.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules) * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules) * 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules) * 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (malware-tools.rules) * 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (malware-tools.rules) * 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (malware-tools.rules) * 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules) * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (malware-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (exploit-kit.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (file-flash.rules) * 1:33176 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules) * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules) * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules) * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (indicator-compromise.rules) * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (indicator-compromise.rules) * 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33286 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (pua-adware.rules) * 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (pua-adware.rules) * 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (os-windows.rules) * 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (app-detect.rules) * 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (protocol-voip.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:33454 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (server-other.rules) * 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (server-mail.rules) * 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (file-other.rules) * 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold connection exhaustion denial of service attempt (server-other.rules) * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules) * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (browser-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (file-other.rules) * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (server-other.rules) * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (os-windows.rules) * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (server-other.rules) * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (server-mail.rules) * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (server-other.rules) * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (server-other.rules) * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (server-other.rules) * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (server-mail.rules) * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33823 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (malware-backdoor.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (malware-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (server-other.rules) * 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules) * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules) * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules) * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules) * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules) * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules) * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules) * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules) * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules) * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules) * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (pua-adware.rules) * 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (pua-adware.rules) * 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (pua-adware.rules) * 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (pua-adware.rules) * 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules) * 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules) * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules) * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (sql.rules) * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (server-other.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules) * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (server-other.rules) * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules) * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules) * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules) * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules) * 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules) * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules) * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules) * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules) * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules) * 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules) * 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules) * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules) * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules) * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules) * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules) * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (server-other.rules) * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (pua-adware.rules) * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (server-other.rules) * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt (server-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35045 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (exploit-kit.rules) * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (exploit-kit.rules) * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules) * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules) * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (file-office.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules) * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (file-office.rules) * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules) * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules) * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules) * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules) * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules) * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules) * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules) * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules) * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules) * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules) * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules) * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules) * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules) * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules) * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules) * 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (server-apache.rules) * 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (server-apache.rules) * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules) * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules) * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (os-windows.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules) * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules) * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules) * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules) * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules) * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules) * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules) * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules) * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules) * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules) * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules) * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules) * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules) * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules) * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules) * 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules) * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules) * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules) * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules) * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules) * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules) * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules) * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules) * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules) * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules) * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules) * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules) * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules) * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules) * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules) * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules) * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules) * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules) * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules) * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules) * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules) * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules) * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules) * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules) * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules) * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules) * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules) * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules) * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules) * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules) * 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules) * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules) * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules) * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules) * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules) * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules) * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules) * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules) * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules) * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules) * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules) * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules) * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules) * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules) * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules) * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules) * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules) * 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (malware-other.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (malware-other.rules) * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules) * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules) * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules) * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules) * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules) * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules) * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules) * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules) * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules) * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules) * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules) * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules) * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules) * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules) * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules) * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules) * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules) * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules) * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules) * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules) * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules) * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules) * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules) * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules) * 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules) * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules) * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules) * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules) * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules) * 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules) * 1:12626 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules) * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules) * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules) * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules) * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules) * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules) * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules) * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules) * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules) * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules) * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules) * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules) * 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules) * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules) * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules) * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules) * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules) * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules) * 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules) * 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules) * 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules) * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules) * 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules) * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules) * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules) * 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules) * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules) * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules) * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules) * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules) * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules) * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules) * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules) * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules) * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules) * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules) * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules) * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules) * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules) * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules) * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules) * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules) * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules) * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules) * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (pua-adware.rules) * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules) * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules) * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules) * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules) * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules) * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules) * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules) * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules) * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules) * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules) * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules) * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules) * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules) * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules) * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules) * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules) * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules) * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules) * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (pua-adware.rules) * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules) * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules) * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules) * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules) * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules) * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules) * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules) * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules) * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules) * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules) * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules) * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules) * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules) * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules) * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules) * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules) * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules) * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules) * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (pua-adware.rules) * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (pua-adware.rules) * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (pua-adware.rules) * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (pua-adware.rules) * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules) * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules) * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (malware-other.rules) * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (malware-other.rules) * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (os-windows.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules) * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules) * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules) * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules) * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (pua-adware.rules) * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules) * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (malware-other.rules) * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules) * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules) * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (pua-adware.rules) * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (pua-adware.rules) * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (pua-adware.rules) * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (pua-adware.rules) * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (pua-adware.rules) * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (malware-other.rules) * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (pua-adware.rules) * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (pua-adware.rules) * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules) * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules) * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (policy-other.rules) * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (policy-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules) * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules) * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules) * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules) * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules) * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules) * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules) * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules) * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules) * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules) * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules) * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules) * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules) * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules) * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules) * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules) * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules) * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules) * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules) * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules) * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules) * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules) * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules) * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules) * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules) * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules) * 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules) * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules) * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules) * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules) * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules) * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules) * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules) * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules) * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules) * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules) * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules) * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules) * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules) * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules) * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules) * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules) * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules) * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules) * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules) * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules) * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules) * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules) * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules) * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules) * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules) * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules) * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules) * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules) * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules) * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules) * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules) * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules) * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules) * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules) * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules) * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules) * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules) * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules) * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules) * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules) * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules) * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules) * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules) * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules) * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules) * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules) * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules) * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules) * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules) * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules) * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules) * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (protocol-scada.rules) * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules) * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules) * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules) * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules) * 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules) * 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules) * 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules) * 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules) * 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules) * 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules) * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules) * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules) * 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules) * 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules) * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules) * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules) * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules) * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15363 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules) * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (os-windows.rules) * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules) * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules) * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules) * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules) * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules) * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules) * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules) * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules) * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules) * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules) * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules) * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules) * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules) * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules) * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules) * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules) * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules) * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules) * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules) * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules) * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules) * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules) * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules) * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (file-pdf.rules) * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules) * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules) * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (server-other.rules) * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules) * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules) * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules) * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules) * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules) * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules) * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules) * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules) * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules) * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules) * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules) * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules) * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules) * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules) * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules) * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules) * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules) * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules) * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules) * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules) * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules) * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules) * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules) * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules) * 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules) * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules) * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules) * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules) * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules) * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules) * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules) * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules) * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules) * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules) * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules) * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules) * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules) * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules) * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules) * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules) * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules) * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules) * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules) * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules) * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules) * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules) * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules) * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules) * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules) * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules) * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules) * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules) * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules) * 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules) * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules) * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules) * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules) * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules) * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules) * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules) * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules) * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules) * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules) * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules) * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules) * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules) * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules) * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules) * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules) * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules) * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules) * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules) * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules) * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules) * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules) * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules) * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules) * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules) * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules) * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules) * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules) * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules) * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules) * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules) * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules) * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules) * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules) * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules) * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules) * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules) * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules) * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules) * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules) * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules) * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules) * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules) * 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (server-iis.rules) * 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules) * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules) * 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules) * 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules) * 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules) * 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules) * 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules) * 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules) * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules) * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules) * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules) * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules) * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (server-mysql.rules) * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules) * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules) * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules) * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules) * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules) * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (server-mysql.rules) * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules) * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules) * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules) * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules) * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules) * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules) * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules) * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules) * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules) * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules) * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules) * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules) * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules) * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules) * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules) * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules) * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules) * 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules) * 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules) * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules) * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules) * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules) * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules) * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules) * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules) * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules) * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules) * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules) * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules) * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules) * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules) * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules) * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules) * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules) * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules) * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules) * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules) * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules) * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (policy-spam.rules) * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules) * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules) * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules) * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules) * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules) * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules) * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules) * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules) * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules) * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules) * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules) * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules) * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules) * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules) * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules) * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules) * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules) * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (policy-spam.rules) * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules) * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules) * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules) * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules) * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules) * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules) * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules) * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules) * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules) * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules) * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules) * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules) * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules) * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules) * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules) * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules) * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules) * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules) * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules) * 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (policy-spam.rules) * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules) * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules) * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules) * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules) * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules) * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules) * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules) * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules) * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules) * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules) * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules) * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules) * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules) * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules) * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules) * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules) * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules) * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules) * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules) * 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules) * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules) * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules) * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules) * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules) * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules) * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules) * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules) * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules) * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules) * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules) * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules) * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules) * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules) * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules) * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules) * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules) * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules) * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known spam email attempt (policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (app-detect.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (os-windows.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules) * 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules) * 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules) * 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules) * 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules) * 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules) * 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules) * 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules) * 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules) * 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules) * 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules) * 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules) * 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules) * 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules) * 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules) * 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules) * 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules) * 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules) * 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules) * 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules) * 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules) * 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules) * 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules) * 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules) * 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules) * 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules) * 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules) * 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules) * 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules) * 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules) * 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules) * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules) * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules) * 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules) * 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules) * 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules) * 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules) * 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules) * 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules) * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules) * 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules) * 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules) * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules) * 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules) * 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules) * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules) * 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules) * 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules) * 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules) * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules) * 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules) * 1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules) * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules) * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules) * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules) * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules) * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules) * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules) * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules) * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules) * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules) * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules) * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules) * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules) * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules) * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules) * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules) * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules) * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules) * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules) * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules) * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules) * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules) * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules) * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules) * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules) * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules) * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules) * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules) * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules) * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules) * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules) * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules) * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules) * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules) * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules) * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules) * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules) * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules) * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules) * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules) * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules) * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules) * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules) * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules) * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules) * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules) * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules) * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules) * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (file-identify.rules) * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules) * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules) * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules) * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules) * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules) * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules) * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules) * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules) * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules) * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules) * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules) * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules) * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules) * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules) * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules) * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules) * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules) * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules) * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ActionIf integer overflow attempt (file-flash.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19015 <-> DISABLED <-> POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules) * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules) * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules) * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules) * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules) * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules) * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules) * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules) * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules) * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules) * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules) * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules) * 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules) * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules) * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules) * 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules) * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules) * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules) * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules) * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules) * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules) * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules) * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules) * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules) * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules) * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (server-other.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption attempt (file-other.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules) * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules) * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (netbios.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules) * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules) * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules) * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules) * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules) * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules) * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules) * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules) * 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (file-flash.rules) * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (server-mysql.rules) * 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (server-other.rules) * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules) * 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules) * 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (file-image.rules) * 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules) * 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (server-other.rules) * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules) * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules) * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules) * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules) * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules) * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules) * 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (pua-adware.rules) * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules) * 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (pua-adware.rules) * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules) * 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (os-windows.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules) * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules) * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules) * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (file-pdf.rules) * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules) * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules) * 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules) * 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules) * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (file-pdf.rules) * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules) * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules) * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules) * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (file-pdf.rules) * 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (server-oracle.rules) * 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (file-pdf.rules) * 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules) * 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (file-flash.rules) * 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (file-flash.rules) * 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt (file-flash.rules) * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules) * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules) * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules) * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules) * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules) * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules) * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules) * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules) * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules) * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules) * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules) * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (indicator-shellcode.rules) * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules) * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules) * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (file-flash.rules) * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (file-flash.rules) * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules) * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules) * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules) * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules) * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules) * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (server-other.rules) * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (os-windows.rules) * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (os-windows.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (file-executable.rules) * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (os-windows.rules) * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (os-windows.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules) * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules) * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (browser-other.rules) * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules) * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (os-windows.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (file-flash.rules) * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (file-flash.rules) * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (file-flash.rules) * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (file-flash.rules) * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (file-flash.rules) * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (file-flash.rules) * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules) * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (file-flash.rules) * 1:20557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (file-flash.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (file-flash.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (file-flash.rules) * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (file-flash.rules) * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules) * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules) * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules) * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (server-oracle.rules) * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules) * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules) * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (os-windows.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules) * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (file-flash.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules) * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules) * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules) * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (pua-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules) * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules) * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules) * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules) * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (server-iis.rules) * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules) * 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (file-office.rules) * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (browser-firefox.rules) * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules) * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules) * 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (browser-webkit.rules) * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules) * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules) * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules) * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (browser-other.rules) * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules) * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (server-apache.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules) * 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (file-office.rules) * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (file-pdf.rules) * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (file-pdf.rules) * 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules) * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules) * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (browser-webkit.rules) * 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (file-pdf.rules) * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules) * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (server-apache.rules) * 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (file-multimedia.rules) * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (os-windows.rules) * 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (os-windows.rules) * 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (malware-tools.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules) * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules) * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (indicator-compromise.rules) * 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell security information display (indicator-compromise.rules) * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (indicator-compromise.rules) * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (indicator-compromise.rules) * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (indicator-compromise.rules) * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (indicator-compromise.rules) * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (indicator-compromise.rules) * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (indicator-compromise.rules) * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (indicator-compromise.rules) * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (indicator-compromise.rules) * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security information page (indicator-compromise.rules) * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (indicator-compromise.rules) * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (indicator-compromise.rules) * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (indicator-compromise.rules) * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (indicator-compromise.rules) * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (indicator-compromise.rules) * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (indicator-compromise.rules) * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules) * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules) * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https spoofing attempt (browser-chrome.rules) * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules) * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (file-executable.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules) * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (browser-webkit.rules) * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules) * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules) * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (malware-other.rules) * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (malware-other.rules) * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules) * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (os-windows.rules) * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules) * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules) * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules) * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for version.dll over SMB attempt (file-other.rules) * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (file-flash.rules) * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (file-flash.rules) * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-other.rules) * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (file-flash.rules) * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (file-flash.rules) * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (server-apache.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (server-apache.rules) * 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules) * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules) * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules) * 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (browser-firefox.rules) * 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules) * 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules) * 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (browser-other.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules) * 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules) * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules) * 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (browser-chrome.rules) * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules) * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules) * 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (app-detect.rules) * 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (file-other.rules) * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules) * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules) * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules) * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules) * 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (exploit-kit.rules) * 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (exploit-kit.rules) * 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (malware-backdoor.rules) * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules) * 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (server-apache.rules) * 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules) * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules) * 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (malware-backdoor.rules) * 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules) * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules) * 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules) * 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules) * 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules) * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules) * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules) * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules) * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules) * 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules) * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (policy-spam.rules) * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules) * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules) * 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (pua-adware.rules) * 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (pua-adware.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules) * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules) * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules) * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (exploit-kit.rules) * 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules) * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules) * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules) * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules) * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21789 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules) * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (malware-other.rules) * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (server-apache.rules) * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (pua-adware.rules) * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules) * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (indicator-compromise.rules) * 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (malware-other.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules) * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules) * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules) * 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules) * 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (malware-backdoor.rules) * 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules) * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules) * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules) * 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (malware-other.rules) * 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (indicator-obfuscation.rules) * 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (indicator-obfuscation.rules) * 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (os-windows.rules) * 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (os-windows.rules) * 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (malware-backdoor.rules) * 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (indicator-compromise.rules) * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules) * 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules) * 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (indicator-compromise.rules) * 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (indicator-compromise.rules) * 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (file-pdf.rules) * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (browser-firefox.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules) * 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (indicator-obfuscation.rules) * 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (indicator-obfuscation.rules) * 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval (indicator-obfuscation.rules) * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (indicator-obfuscation.rules) * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (indicator-obfuscation.rules) * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (server-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules) * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules) * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules) * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules) * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules) * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules) * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (exploit-kit.rules) * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules) * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules) * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules) * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:23161 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules) * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (indicator-compromise.rules) * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules) * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules) * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (indicator-obfuscation.rules) * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules) * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (pua-adware.rules) * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (pua-adware.rules) * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (file-office.rules) * 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (file-office.rules) * 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (malware-backdoor.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules) * 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules) * 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (pua-adware.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules) * 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (os-windows.rules) * 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (server-mail.rules) * 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (indicator-compromise.rules) * 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (indicator-compromise.rules) * 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (indicator-compromise.rules) * 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (browser-firefox.rules) * 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (browser-chrome.rules) * 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (indicator-obfuscation.rules) * 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (indicator-obfuscation.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (file-other.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules) * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules) * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules) * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules) * 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (malware-other.rules) * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules) * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules) * 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (browser-firefox.rules) * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules) * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (malware-other.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (indicator-compromise.rules) * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (indicator-compromise.rules) * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (malware-other.rules) * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (os-windows.rules) * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules) * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23884 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23919 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (sql.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules) * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules) * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules) * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules) * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules) * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules) * 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (malware-other.rules) * 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules) * 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (pua-adware.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules) * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules) * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules) * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules) * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules) * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules) * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules) * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules) * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules) * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules) * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules) * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules) * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules) * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules) * 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (indicator-obfuscation.rules) * 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (indicator-obfuscation.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (malware-other.rules) * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (server-other.rules) * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules) * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules) * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (malware-other.rules) * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules) * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules) * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting attempt (server-other.rules) * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules) * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules) * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules) * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules) * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules) * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules) * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules) * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules) * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (protocol-dns.rules) * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules) * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (server-apache.rules) * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (malware-other.rules) * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules) * 1:24344 <-> ENABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (exploit-kit.rules) * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules) * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (indicator-compromise.rules) * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (indicator-compromise.rules) * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (indicator-compromise.rules) * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php (indicator-compromise.rules) * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (indicator-compromise.rules) * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (indicator-compromise.rules) * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (indicator-compromise.rules) * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules) * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules) * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (app-detect.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (os-windows.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules) * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules) * 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules) * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules) * 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (malware-backdoor.rules) * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules) * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules) * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (exploit-kit.rules) * 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:24787 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (exploit-kit.rules) * 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (exploit-kit.rules) * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (exploit-kit.rules) * 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (exploit-kit.rules) * 1:24791 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (exploit-kit.rules) * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (server-other.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules) * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules) * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (server-mysql.rules) * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (server-mysql.rules) * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (exploit-kit.rules) * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (exploit-kit.rules) * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (exploit-kit.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules) * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules) * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules) * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (exploit-kit.rules) * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules) * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (indicator-obfuscation.rules) * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (app-detect.rules) * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (app-detect.rules) * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (malware-other.rules) * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules) * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules) * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (server-other.rules) * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (server-other.rules) * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (malware-backdoor.rules) * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (file-other.rules) * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules) * 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (malware-other.rules) * 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (malware-backdoor.rules) * 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (server-other.rules) * 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules) * 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules) * 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules) * 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules) * 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules) * 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules) * 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules) * 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules) * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules) * 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (server-other.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25467 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (server-other.rules) * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules) * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules) * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules) * 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (os-mobile.rules) * 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (os-mobile.rules) * 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (os-mobile.rules) * 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (os-mobile.rules) * 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (os-mobile.rules) * 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (os-mobile.rules) * 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (os-mobile.rules) * 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (os-other.rules) * 1:25536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (server-other.rules) * 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (server-other.rules) * 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (server-other.rules) * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules) * 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (exploit-kit.rules) * 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (os-windows.rules) * 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (malware-other.rules) * 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (malware-other.rules) * 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules) * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (malware-other.rules) * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (file-flash.rules) * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (exploit-kit.rules) * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious PDF retrieval (exploit-kit.rules) * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (exploit-kit.rules) * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (exploit-kit.rules) * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (server-other.rules) * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (server-other.rules) * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (server-other.rules) * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (server-other.rules) * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (indicator-compromise.rules) * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (indicator-compromise.rules) * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (indicator-compromise.rules) * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (indicator-compromise.rules) * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (indicator-compromise.rules) * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (indicator-compromise.rules) * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (indicator-compromise.rules) * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (indicator-compromise.rules) * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (indicator-compromise.rules) * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (indicator-compromise.rules) * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (indicator-compromise.rules) * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (indicator-compromise.rules) * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (indicator-compromise.rules) * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules) * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules) * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (app-detect.rules) * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (exploit-kit.rules) * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (policy-other.rules) * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (policy-other.rules) * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (policy-other.rules) * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (app-detect.rules) * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules) * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules) * 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules) * 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules) * 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules) * 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (exploit-kit.rules) * 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (os-mobile.rules) * 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (exploit-kit.rules) * 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (exploit-kit.rules) * 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (exploit-kit.rules) * 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (exploit-kit.rules) * 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (exploit-kit.rules) * 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (exploit-kit.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules) * 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules) * 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules) * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules) * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules) * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules) * 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules) * 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (app-detect.rules) * 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (app-detect.rules) * 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules) * 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules) * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules) * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (netbios.rules) * 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (exploit-kit.rules) * 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (malware-backdoor.rules) * 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (malware-backdoor.rules) * 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (malware-backdoor.rules) * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules) * 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (file-other.rules) * 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (indicator-compromise.rules) * 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (exploit-kit.rules) * 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (malware-other.rules) * 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (server-other.rules) * 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (file-executable.rules) * 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (server-other.rules) * 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules) * 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules) * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (app-detect.rules) * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules) * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules) * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules) * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules) * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules) * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules) * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules) * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (indicator-obfuscation.rules) * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (malware-other.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules) * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules) * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (indicator-compromise.rules) * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules) * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (indicator-compromise.rules) * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (server-other.rules) * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (pua-adware.rules) * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (os-other.rules) * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (exploit-kit.rules) * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (indicator-compromise.rules) * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (server-other.rules) * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (exploit-kit.rules) * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (file-other.rules) * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (indicator-obfuscation.rules) * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (indicator-obfuscation.rules) * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (server-other.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules) * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules) * 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (malware-backdoor.rules) * 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (browser-webkit.rules) * 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (browser-firefox.rules) * 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (malware-other.rules) * 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules) * 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules) * 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules) * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26755 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules) * 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules) * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules) * 1:26772 <-> ENABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (server-other.rules) * 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (malware-backdoor.rules) * 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules) * 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules) * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules) * 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (malware-other.rules) * 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (malware-other.rules) * 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (exploit-kit.rules) * 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules) * 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules) * 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules) * 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (exploit-kit.rules) * 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (malware-backdoor.rules) * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules) * 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules) * 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (exploit-kit.rules) * 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (exploit-kit.rules) * 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (exploit-kit.rules) * 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (exploit-kit.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (snort3-server-oracle.rules) * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (snort3-malware-cnc.rules) * 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (snort3-browser-ie.rules) * 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (snort3-server-oracle.rules)
* 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (snort3-server-other.rules) * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (snort3-app-detect.rules) * 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (snort3-file-other.rules) * 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (snort3-protocol-scada.rules) * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (snort3-indicator-compromise.rules) * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (snort3-file-java.rules) * 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (snort3-protocol-scada.rules) * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (snort3-file-other.rules) * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (snort3-malware-other.rules) * 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (snort3-file-other.rules) * 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (snort3-netbios.rules) * 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (snort3-os-windows.rules) * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (snort3-server-other.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (snort3-file-office.rules) * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (snort3-server-other.rules) * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (snort3-file-executable.rules) * 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (snort3-file-other.rules) * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (snort3-file-multimedia.rules) * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (snort3-os-windows.rules) * 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (snort3-protocol-scada.rules) * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (snort3-server-other.rules) * 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (snort3-browser-firefox.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (snort3-file-identify.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (snort3-protocol-voip.rules) * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (snort3-file-executable.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (snort3-policy-other.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (snort3-file-pdf.rules) * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (snort3-protocol-tftp.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (snort3-policy-other.rules) * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (snort3-indicator-compromise.rules) * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request (snort3-protocol-scada.rules) * 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (snort3-server-mail.rules) * 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (snort3-indicator-compromise.rules) * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (snort3-file-other.rules) * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (snort3-server-apache.rules) * 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (snort3-file-flash.rules) * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (snort3-protocol-ftp.rules) * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (snort3-server-apache.rules) * 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (snort3-server-mail.rules) * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (snort3-file-image.rules) * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (snort3-os-windows.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (snort3-protocol-voip.rules) * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (snort3-file-other.rules) * 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (snort3-file-executable.rules) * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (snort3-file-flash.rules) * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (snort3-malware-other.rules) * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (snort3-os-mobile.rules) * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (snort3-server-other.rules) * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (snort3-file-office.rules) * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (snort3-policy-other.rules) * 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (snort3-protocol-scada.rules) * 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (snort3-server-apache.rules) * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (snort3-file-pdf.rules) * 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (snort3-browser-firefox.rules) * 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (snort3-file-other.rules) * 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (snort3-protocol-tftp.rules) * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (snort3-protocol-scada.rules) * 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (snort3-server-other.rules) * 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (snort3-indicator-compromise.rules) * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (snort3-file-other.rules) * 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (snort3-file-other.rules) * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (snort3-server-other.rules) * 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (snort3-pua-adware.rules) * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (snort3-browser-other.rules) * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (snort3-file-office.rules) * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (snort3-file-image.rules) * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (snort3-app-detect.rules) * 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (snort3-server-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (snort3-policy-other.rules) * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (snort3-server-other.rules) * 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (snort3-browser-other.rules) * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (snort3-browser-firefox.rules) * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (snort3-server-other.rules) * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (snort3-server-other.rules) * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (snort3-file-pdf.rules) * 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (snort3-os-windows.rules) * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (snort3-file-executable.rules) * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules) * 1:36500 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (snort3-file-identify.rules) * 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (snort3-file-pdf.rules) * 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (snort3-os-windows.rules) * 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (snort3-os-linux.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules) * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (snort3-file-office.rules) * 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (snort3-pua-adware.rules) * 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (snort3-os-windows.rules) * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (snort3-malware-backdoor.rules) * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (snort3-server-other.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (snort3-browser-firefox.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (snort3-file-identify.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (snort3-malware-other.rules) * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (snort3-malware-backdoor.rules) * 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (snort3-indicator-compromise.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (snort3-file-other.rules) * 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (snort3-file-image.rules) * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (snort3-server-other.rules) * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (snort3-file-other.rules) * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (snort3-server-other.rules) * 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules) * 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (snort3-file-other.rules) * 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (snort3-indicator-compromise.rules) * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (snort3-server-apache.rules) * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (snort3-server-other.rules) * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (snort3-malware-other.rules) * 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (snort3-file-other.rules) * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (snort3-server-other.rules) * 1:44124 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (snort3-file-other.rules) * 1:37339 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (snort3-file-other.rules) * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request (snort3-protocol-scada.rules) * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (snort3-exploit-kit.rules) * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (snort3-malware-other.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (snort3-indicator-compromise.rules) * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (snort3-server-other.rules) * 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (snort3-malware-other.rules) * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (snort3-file-pdf.rules) * 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (snort3-server-other.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (snort3-policy-other.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (snort3-file-other.rules) * 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (snort3-exploit-kit.rules) * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (snort3-server-other.rules) * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (snort3-file-other.rules) * 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (snort3-file-executable.rules) * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (snort3-file-image.rules) * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (snort3-file-pdf.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (snort3-server-other.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (snort3-file-identify.rules) * 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (snort3-pua-adware.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (snort3-file-identify.rules) * 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (snort3-browser-firefox.rules) * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (snort3-file-flash.rules) * 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (snort3-indicator-compromise.rules) * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules) * 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (snort3-protocol-icmp.rules) * 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (snort3-browser-firefox.rules) * 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (snort3-file-executable.rules) * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (snort3-os-windows.rules) * 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (snort3-indicator-compromise.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (snort3-server-other.rules) * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (snort3-file-identify.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (snort3-policy-other.rules) * 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (snort3-file-other.rules) * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (snort3-file-pdf.rules) * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (snort3-file-pdf.rules) * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (snort3-server-other.rules) * 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (snort3-server-other.rules) * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (snort3-file-pdf.rules) * 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (snort3-protocol-scada.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (snort3-server-other.rules) * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (snort3-server-oracle.rules) * 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (snort3-os-windows.rules) * 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (snort3-server-other.rules) * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (snort3-file-other.rules) * 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (snort3-browser-firefox.rules) * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (snort3-server-other.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules) * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (snort3-server-other.rules) * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (snort3-file-other.rules) * 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (snort3-browser-other.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (snort3-protocol-voip.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules) * 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (snort3-browser-firefox.rules) * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (snort3-pua-adware.rules) * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (snort3-server-other.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request (snort3-protocol-scada.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (snort3-file-flash.rules) * 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (snort3-malware-backdoor.rules) * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules) * 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (snort3-server-other.rules) * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (snort3-file-image.rules) * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request (snort3-protocol-scada.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (snort3-os-windows.rules) * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (snort3-malware-other.rules) * 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (snort3-os-windows.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules) * 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (snort3-protocol-scada.rules) * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (snort3-file-other.rules) * 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (snort3-policy-other.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (snort3-server-other.rules) * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (snort3-file-pdf.rules) * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (snort3-file-executable.rules) * 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (snort3-file-other.rules) * 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (snort3-protocol-scada.rules) * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (snort3-server-other.rules) * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (snort3-netbios.rules) * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (snort3-indicator-compromise.rules) * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (snort3-server-apache.rules) * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (snort3-pua-adware.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (snort3-policy-other.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (snort3-file-multimedia.rules) * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (snort3-server-other.rules) * 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (snort3-file-other.rules) * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (snort3-file-office.rules) * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (snort3-browser-firefox.rules) * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (snort3-file-pdf.rules) * 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (snort3-policy-other.rules) * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (snort3-file-pdf.rules) * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (snort3-file-pdf.rules) * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (snort3-malware-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (snort3-policy-other.rules) * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (snort3-server-other.rules) * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (snort3-pua-adware.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (snort3-file-other.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (snort3-file-identify.rules) * 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (snort3-file-flash.rules) * 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (snort3-indicator-compromise.rules) * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (snort3-browser-other.rules) * 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (snort3-file-flash.rules) * 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (snort3-server-other.rules) * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (snort3-file-java.rules) * 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (snort3-file-office.rules) * 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (snort3-browser-other.rules) * 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (snort3-file-office.rules) * 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (snort3-malware-other.rules) * 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (snort3-browser-other.rules) * 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (snort3-file-pdf.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (snort3-pua-other.rules) * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (snort3-server-other.rules) * 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (snort3-protocol-scada.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (snort3-file-identify.rules) * 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (snort3-server-other.rules) * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (snort3-server-other.rules) * 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (snort3-indicator-scan.rules) * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (snort3-malware-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (snort3-file-other.rules) * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (snort3-file-flash.rules) * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (snort3-file-pdf.rules) * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (snort3-file-java.rules) * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (snort3-indicator-compromise.rules) * 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (snort3-server-other.rules) * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (snort3-file-other.rules) * 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (snort3-os-windows.rules) * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (snort3-indicator-compromise.rules) * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (snort3-protocol-scada.rules) * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (snort3-file-image.rules) * 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (snort3-os-windows.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (snort3-server-other.rules) * 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (snort3-file-other.rules) * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (snort3-sql.rules) * 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (snort3-server-other.rules) * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (snort3-protocol-scada.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (snort3-os-linux.rules) * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (snort3-file-other.rules) * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (snort3-server-other.rules) * 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (snort3-policy-other.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (snort3-file-other.rules) * 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (snort3-file-pdf.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (snort3-policy-other.rules) * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (snort3-file-flash.rules) * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (snort3-file-other.rules) * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (snort3-os-windows.rules) * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (snort3-server-other.rules) * 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (snort3-pua-adware.rules) * 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (snort3-server-other.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (snort3-file-identify.rules) * 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (snort3-app-detect.rules) * 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (snort3-pua-toolbars.rules) * 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (snort3-os-windows.rules) * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (snort3-file-other.rules) * 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (snort3-server-other.rules) * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (snort3-file-pdf.rules) * 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (snort3-file-executable.rules) * 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules) * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (snort3-os-windows.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules) * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (snort3-file-pdf.rules) * 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (snort3-file-pdf.rules) * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (snort3-server-other.rules) * 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (snort3-file-other.rules) * 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (snort3-file-executable.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (snort3-file-identify.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (snort3-protocol-other.rules) * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request (snort3-protocol-scada.rules) * 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (snort3-os-linux.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (snort3-policy-other.rules) * 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (snort3-file-multimedia.rules) * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (snort3-protocol-other.rules) * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (snort3-server-other.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (snort3-file-pdf.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (snort3-file-pdf.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (snort3-protocol-dns.rules) * 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (snort3-indicator-shellcode.rules) * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (snort3-file-other.rules) * 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (snort3-browser-firefox.rules) * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (snort3-file-other.rules) * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (snort3-file-other.rules) * 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (snort3-protocol-other.rules) * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (snort3-indicator-compromise.rules) * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (snort3-server-other.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (snort3-file-identify.rules) * 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (snort3-file-office.rules) * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (snort3-file-image.rules) * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (snort3-server-other.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules) * 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (snort3-malware-other.rules) * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (snort3-protocol-scada.rules) * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request (snort3-protocol-scada.rules) * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (snort3-protocol-scada.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (snort3-file-other.rules) * 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (snort3-server-apache.rules) * 1:49009 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (snort3-protocol-scada.rules) * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (snort3-malware-other.rules) * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (snort3-malware-other.rules) * 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (snort3-indicator-compromise.rules) * 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (snort3-file-pdf.rules) * 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (snort3-sql.rules) * 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (snort3-file-other.rules) * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (snort3-file-flash.rules) * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (snort3-exploit-kit.rules) * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (snort3-file-image.rules) * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (snort3-exploit-kit.rules) * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (snort3-file-flash.rules) * 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (snort3-protocol-scada.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules) * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (snort3-file-other.rules) * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (snort3-protocol-scada.rules) * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (snort3-file-multimedia.rules) * 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (snort3-browser-firefox.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (snort3-file-multimedia.rules) * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (snort3-file-office.rules) * 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (snort3-malware-other.rules) * 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (snort3-protocol-scada.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (snort3-file-flash.rules) * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (snort3-malware-tools.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules) * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (snort3-file-pdf.rules) * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (snort3-file-flash.rules) * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (snort3-protocol-scada.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (snort3-browser-firefox.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules) * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (snort3-protocol-scada.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (snort3-file-other.rules) * 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (snort3-file-pdf.rules) * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (snort3-os-windows.rules) * 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (snort3-pua-adware.rules) * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (snort3-server-other.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (snort3-server-other.rules) * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules) * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (snort3-indicator-compromise.rules) * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (snort3-file-pdf.rules) * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (snort3-file-identify.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (snort3-file-flash.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (snort3-protocol-scada.rules) * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (snort3-file-other.rules) * 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (snort3-browser-firefox.rules) * 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (snort3-file-other.rules) * 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (snort3-server-other.rules) * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (snort3-file-pdf.rules) * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (snort3-protocol-scada.rules) * 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (snort3-file-other.rules) * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (snort3-file-other.rules) * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (snort3-server-other.rules) * 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (snort3-indicator-obfuscation.rules) * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (snort3-file-multimedia.rules) * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (snort3-file-flash.rules) * 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (snort3-file-other.rules) * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (snort3-indicator-compromise.rules) * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (snort3-os-windows.rules) * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (snort3-file-other.rules) * 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (snort3-file-image.rules) * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (snort3-protocol-scada.rules) * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (snort3-server-mail.rules) * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (snort3-browser-chrome.rules) * 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (snort3-file-other.rules) * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (snort3-policy-other.rules) * 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (snort3-file-identify.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (snort3-server-other.rules) * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (snort3-file-image.rules) * 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (snort3-malware-backdoor.rules) * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (snort3-file-java.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (snort3-file-identify.rules) * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request (snort3-protocol-scada.rules) * 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (snort3-file-other.rules) * 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (snort3-protocol-scada.rules) * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (snort3-browser-webkit.rules) * 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (snort3-policy-other.rules) * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (snort3-os-windows.rules) * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (snort3-file-multimedia.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules) * 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (snort3-indicator-scan.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (snort3-file-identify.rules) * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (snort3-malware-backdoor.rules) * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (snort3-os-windows.rules) * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules) * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (snort3-server-other.rules) * 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (snort3-file-other.rules) * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (snort3-file-other.rules) * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (snort3-server-other.rules) * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (snort3-server-other.rules) * 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (snort3-protocol-scada.rules) * 1:36315 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (snort3-exploit-kit.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (snort3-file-pdf.rules) * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (snort3-malware-tools.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (snort3-file-identify.rules) * 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (snort3-protocol-scada.rules) * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (snort3-pua-adware.rules) * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (snort3-browser-other.rules) * 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (snort3-policy-other.rules) * 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (snort3-file-multimedia.rules) * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection (snort3-malware-backdoor.rules) * 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (snort3-server-other.rules) * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (snort3-indicator-compromise.rules) * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request (snort3-protocol-scada.rules) * 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (snort3-indicator-compromise.rules) * 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules) * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (snort3-indicator-compromise.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (snort3-policy-other.rules) * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (snort3-os-windows.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (snort3-file-identify.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (snort3-os-windows.rules) * 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (snort3-protocol-nntp.rules) * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (snort3-file-other.rules) * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (snort3-os-windows.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (snort3-policy-other.rules) * 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (snort3-file-pdf.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (snort3-protocol-voip.rules) * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (snort3-protocol-scada.rules) * 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (snort3-file-other.rules) * 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (snort3-file-other.rules) * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (snort3-server-apache.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules) * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules) * 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (snort3-server-other.rules) * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules) * 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (snort3-indicator-compromise.rules) * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request (snort3-protocol-scada.rules) * 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (snort3-protocol-scada.rules) * 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (snort3-malware-other.rules) * 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (snort3-file-other.rules) * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (snort3-os-other.rules) * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (snort3-malware-tools.rules) * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (snort3-file-other.rules) * 1:39799 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules) * 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (snort3-server-other.rules) * 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (snort3-server-other.rules) * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (snort3-file-other.rules) * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (snort3-pua-adware.rules) * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (snort3-browser-other.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules) * 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (snort3-server-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (snort3-policy-other.rules) * 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (snort3-malware-other.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (snort3-file-pdf.rules) * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (snort3-indicator-compromise.rules) * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (snort3-file-pdf.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (snort3-file-other.rules) * 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (snort3-indicator-compromise.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (snort3-server-other.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (snort3-server-other.rules) * 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (snort3-pua-other.rules) * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (snort3-file-image.rules) * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (snort3-server-other.rules) * 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (snort3-server-samba.rules) * 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules) * 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (snort3-protocol-scada.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (snort3-server-other.rules) * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response (snort3-server-apache.rules) * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (snort3-file-image.rules) * 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (snort3-server-other.rules) * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules) * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules) * 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (snort3-protocol-scada.rules) * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (snort3-file-java.rules) * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (snort3-file-office.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (snort3-browser-other.rules) * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (snort3-file-identify.rules) * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (snort3-file-other.rules) * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (snort3-indicator-compromise.rules) * 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (snort3-os-linux.rules) * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (snort3-file-pdf.rules) * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (snort3-server-other.rules) * 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (snort3-server-other.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (snort3-protocol-scada.rules) * 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (snort3-file-other.rules) * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (snort3-file-image.rules) * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (snort3-policy-other.rules) * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (snort3-file-pdf.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules) * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (snort3-file-multimedia.rules) * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (snort3-protocol-scada.rules) * 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (snort3-file-flash.rules) * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (snort3-file-pdf.rules) * 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (snort3-browser-other.rules) * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (snort3-server-other.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (snort3-file-identify.rules) * 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (snort3-protocol-scada.rules) * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (snort3-file-office.rules) * 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (snort3-malware-backdoor.rules) * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (snort3-indicator-compromise.rules) * 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (snort3-file-other.rules) * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (snort3-exploit-kit.rules) * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (snort3-app-detect.rules) * 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (snort3-file-other.rules) * 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (snort3-protocol-scada.rules) * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (snort3-pua-adware.rules) * 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (snort3-server-other.rules) * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (snort3-exploit-kit.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules) * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (snort3-server-other.rules) * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (snort3-server-other.rules) * 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (snort3-file-multimedia.rules) * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (snort3-server-other.rules) * 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (snort3-file-other.rules) * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (snort3-file-image.rules) * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (snort3-file-pdf.rules) * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (snort3-server-other.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (snort3-server-other.rules) * 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (snort3-server-other.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (snort3-file-pdf.rules) * 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (snort3-protocol-scada.rules) * 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (snort3-indicator-obfuscation.rules) * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (snort3-file-pdf.rules) * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (snort3-server-other.rules) * 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (snort3-os-windows.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (snort3-file-identify.rules) * 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (snort3-server-other.rules) * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (snort3-policy-spam.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request (snort3-protocol-scada.rules) * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (snort3-pua-adware.rules) * 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (snort3-server-other.rules) * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (snort3-server-other.rules) * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (snort3-file-flash.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (snort3-file-multimedia.rules) * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:37328 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (snort3-server-other.rules) * 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (snort3-server-other.rules) * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (snort3-server-other.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (snort3-file-flash.rules) * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (snort3-file-other.rules) * 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (snort3-file-other.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (snort3-file-image.rules) * 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (snort3-file-other.rules) * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (snort3-protocol-scada.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (snort3-file-identify.rules) * 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (snort3-file-other.rules) * 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (snort3-protocol-scada.rules) * 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (snort3-file-office.rules) * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (snort3-protocol-scada.rules) * 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (snort3-browser-other.rules) * 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (snort3-malware-other.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (snort3-file-identify.rules) * 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (snort3-os-windows.rules) * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (snort3-file-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (snort3-policy-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (snort3-policy-other.rules) * 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (snort3-server-other.rules) * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (snort3-file-identify.rules) * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (snort3-file-pdf.rules) * 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (snort3-server-other.rules) * 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (snort3-server-other.rules) * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (snort3-file-image.rules) * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request (snort3-protocol-scada.rules) * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (snort3-os-other.rules) * 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (snort3-file-other.rules) * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (snort3-server-mail.rules) * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (snort3-file-other.rules) * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (snort3-file-other.rules) * 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (snort3-server-other.rules) * 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (snort3-server-other.rules) * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (snort3-file-office.rules) * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (snort3-pua-other.rules) * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (snort3-server-other.rules) * 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (snort3-file-other.rules) * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-other.rules) * 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (snort3-server-other.rules) * 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (snort3-file-flash.rules) * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (snort3-file-image.rules) * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential disclosure attempt (snort3-server-apache.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (snort3-file-pdf.rules) * 1:37337 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (snort3-os-windows.rules) * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (snort3-server-other.rules) * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (snort3-file-image.rules) * 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (snort3-indicator-compromise.rules) * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (snort3-protocol-other.rules) * 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (snort3-malware-other.rules) * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (snort3-netbios.rules) * 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (snort3-protocol-scada.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (snort3-policy-other.rules) * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (snort3-file-flash.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (snort3-server-other.rules) * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (snort3-indicator-obfuscation.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (snort3-file-identify.rules) * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (snort3-server-other.rules) * 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (snort3-server-mssql.rules) * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (snort3-file-image.rules) * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (snort3-file-multimedia.rules) * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (snort3-server-other.rules) * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (snort3-file-other.rules) * 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (snort3-file-multimedia.rules) * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (snort3-file-other.rules) * 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (snort3-protocol-ftp.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (snort3-file-identify.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules) * 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (snort3-protocol-scada.rules) * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (snort3-malware-other.rules) * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (snort3-server-other.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (snort3-policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (snort3-policy-other.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (snort3-file-identify.rules) * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (snort3-file-pdf.rules) * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (snort3-server-other.rules) * 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (snort3-os-windows.rules) * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (snort3-exploit-kit.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (snort3-file-office.rules) * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (snort3-indicator-compromise.rules) * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (snort3-file-pdf.rules) * 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (snort3-file-pdf.rules) * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (snort3-os-windows.rules) * 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (snort3-file-multimedia.rules) * 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (snort3-file-other.rules) * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (snort3-server-other.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules) * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (snort3-file-identify.rules) * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (snort3-indicator-compromise.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (snort3-file-identify.rules) * 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (snort3-server-other.rules) * 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (snort3-file-flash.rules) * 1:38327 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (snort3-malware-backdoor.rules) * 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (snort3-file-other.rules) * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (snort3-malware-other.rules) * 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (snort3-protocol-scada.rules) * 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (snort3-file-other.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules) * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (snort3-file-other.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (snort3-file-identify.rules) * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (snort3-file-pdf.rules) * 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (snort3-file-other.rules) * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (snort3-os-windows.rules) * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (snort3-indicator-compromise.rules) * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:44109 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (snort3-server-other.rules) * 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (snort3-os-windows.rules) * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (snort3-protocol-scada.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (snort3-protocol-scada.rules) * 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (snort3-protocol-scada.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (snort3-protocol-voip.rules) * 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules) * 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (snort3-os-windows.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (snort3-malware-other.rules) * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (snort3-file-other.rules) * 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (snort3-os-linux.rules) * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (snort3-indicator-compromise.rules) * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (snort3-malware-other.rules) * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (snort3-file-pdf.rules) * 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (snort3-protocol-rpc.rules) * 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (snort3-pua-adware.rules) * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (snort3-pua-adware.rules) * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (snort3-file-image.rules) * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (snort3-server-other.rules) * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (snort3-malware-other.rules) * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (snort3-malware-tools.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules) * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (snort3-os-windows.rules) * 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (snort3-protocol-other.rules) * 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (snort3-browser-chrome.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (snort3-protocol-scada.rules) * 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (snort3-protocol-scada.rules) * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (snort3-app-detect.rules) * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (snort3-file-pdf.rules) * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (snort3-browser-firefox.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (snort3-file-flash.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (snort3-exploit-kit.rules) * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (snort3-netbios.rules) * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (snort3-server-other.rules) * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (snort3-os-windows.rules) * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (snort3-protocol-scada.rules) * 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (snort3-file-pdf.rules) * 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (snort3-file-pdf.rules) * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (snort3-server-other.rules) * 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (snort3-policy-other.rules) * 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (snort3-malware-backdoor.rules) * 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (snort3-server-other.rules) * 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (snort3-server-other.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (snort3-policy-other.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (snort3-file-identify.rules) * 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (snort3-server-other.rules) * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (snort3-server-mail.rules) * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (snort3-os-windows.rules) * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (snort3-browser-firefox.rules) * 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (snort3-malware-other.rules) * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (snort3-server-other.rules) * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request (snort3-protocol-scada.rules) * 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (snort3-server-other.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (snort3-file-other.rules) * 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (snort3-protocol-scada.rules) * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (snort3-file-pdf.rules) * 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (snort3-file-flash.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (snort3-policy-other.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (snort3-file-identify.rules) * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (snort3-malware-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (snort3-policy-other.rules) * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (snort3-protocol-other.rules) * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (snort3-file-flash.rules) * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (snort3-os-windows.rules) * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (snort3-indicator-compromise.rules) * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (snort3-file-pdf.rules) * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (snort3-server-other.rules) * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (snort3-browser-chrome.rules) * 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (snort3-browser-chrome.rules) * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII request (snort3-protocol-scada.rules) * 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (snort3-file-pdf.rules) * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (snort3-file-flash.rules) * 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (snort3-browser-firefox.rules) * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (snort3-app-detect.rules) * 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (snort3-protocol-scada.rules) * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (snort3-server-other.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (snort3-file-identify.rules) * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (snort3-protocol-scada.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (snort3-os-windows.rules) * 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (snort3-file-flash.rules) * 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (snort3-file-office.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (snort3-file-identify.rules) * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (snort3-browser-other.rules) * 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (snort3-malware-other.rules) * 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (snort3-browser-firefox.rules) * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (snort3-file-other.rules) * 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (snort3-file-pdf.rules) * 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (snort3-file-other.rules) * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (snort3-policy-other.rules) * 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (snort3-file-other.rules) * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (snort3-file-image.rules) * 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (snort3-server-mail.rules) * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (snort3-file-executable.rules) * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (snort3-file-executable.rules) * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules) * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (snort3-os-windows.rules) * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (snort3-malware-other.rules) * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (snort3-file-other.rules) * 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (snort3-file-pdf.rules) * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (snort3-file-pdf.rules) * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (snort3-policy-other.rules) * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (snort3-indicator-compromise.rules) * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (snort3-file-other.rules) * 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (snort3-server-other.rules) * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (snort3-file-other.rules) * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (snort3-os-windows.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (snort3-file-pdf.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (snort3-malware-other.rules) * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (snort3-malware-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (snort3-policy-other.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (snort3-server-other.rules) * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (snort3-protocol-scada.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (snort3-policy-other.rules) * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (snort3-file-pdf.rules) * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (snort3-pua-adware.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (snort3-malware-other.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (snort3-app-detect.rules) * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (snort3-file-pdf.rules) * 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (snort3-malware-other.rules) * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (snort3-file-pdf.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (snort3-os-solaris.rules) * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (snort3-file-pdf.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (snort3-server-other.rules) * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (snort3-os-windows.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (snort3-file-other.rules) * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (snort3-server-other.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (snort3-file-image.rules) * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (snort3-indicator-compromise.rules) * 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (snort3-file-other.rules) * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (snort3-server-apache.rules) * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (snort3-server-other.rules) * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (snort3-os-windows.rules) * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (snort3-pua-adware.rules) * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (snort3-file-other.rules) * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (snort3-malware-other.rules) * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (snort3-file-flash.rules) * 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (snort3-indicator-compromise.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (snort3-file-identify.rules) * 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (snort3-file-pdf.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (snort3-server-mail.rules) * 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (snort3-malware-other.rules) * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (snort3-file-pdf.rules) * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (snort3-malware-tools.rules) * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (snort3-file-office.rules) * 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (snort3-malware-other.rules) * 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (snort3-protocol-scada.rules) * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (snort3-file-other.rules) * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (snort3-file-multimedia.rules) * 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (snort3-file-multimedia.rules) * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (snort3-server-other.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (snort3-protocol-voip.rules) * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules) * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (snort3-file-pdf.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (snort3-malware-backdoor.rules) * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (snort3-file-image.rules) * 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (snort3-protocol-scada.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (snort3-file-identify.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (snort3-indicator-compromise.rules) * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (snort3-indicator-compromise.rules) * 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (snort3-file-identify.rules) * 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (snort3-exploit-kit.rules) * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (snort3-server-other.rules) * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (snort3-browser-firefox.rules) * 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (snort3-file-flash.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (snort3-file-identify.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (snort3-policy-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (snort3-policy-other.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (snort3-indicator-compromise.rules) * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (snort3-protocol-scada.rules) * 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (snort3-file-pdf.rules) * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (snort3-file-other.rules) * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request (snort3-protocol-scada.rules) * 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (snort3-file-office.rules) * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (snort3-file-pdf.rules) * 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (snort3-file-other.rules) * 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (snort3-file-executable.rules) * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (snort3-pua-adware.rules) * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (snort3-pua-adware.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules) * 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (snort3-pua-adware.rules) * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (snort3-file-pdf.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (snort3-policy-other.rules) * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-pdf.rules) * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (snort3-file-image.rules) * 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (snort3-file-other.rules) * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (snort3-browser-chrome.rules) * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (snort3-pua-adware.rules) * 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (snort3-protocol-scada.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (snort3-server-other.rules) * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (snort3-indicator-compromise.rules) * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (snort3-file-java.rules) * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (snort3-server-other.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (snort3-os-solaris.rules) * 1:44839 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (snort3-file-office.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (snort3-policy-other.rules) * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (snort3-browser-chrome.rules) * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (snort3-file-pdf.rules) * 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (snort3-server-other.rules) * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (snort3-file-other.rules) * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (snort3-file-java.rules) * 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (snort3-server-other.rules) * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules) * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (snort3-server-other.rules) * 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (snort3-file-office.rules) * 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (snort3-indicator-compromise.rules) * 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (snort3-policy-other.rules) * 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (snort3-file-other.rules) * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (snort3-protocol-scada.rules) * 1:37342 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (snort3-policy-other.rules) * 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (snort3-file-flash.rules) * 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (snort3-protocol-scada.rules) * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (snort3-malware-other.rules) * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (snort3-os-windows.rules) * 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (snort3-protocol-scada.rules) * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (snort3-file-flash.rules) * 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (snort3-file-other.rules) * 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (snort3-pua-adware.rules) * 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (snort3-pua-adware.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (snort3-protocol-voip.rules) * 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (snort3-protocol-ftp.rules) * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (snort3-malware-other.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (snort3-file-pdf.rules) * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (snort3-browser-firefox.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (snort3-policy-other.rules) * 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (snort3-pua-adware.rules) * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (snort3-browser-other.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (snort3-file-identify.rules) * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (snort3-file-other.rules) * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (snort3-os-windows.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (snort3-file-office.rules) * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply (snort3-protocol-scada.rules) * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (snort3-indicator-compromise.rules) * 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (snort3-file-image.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (snort3-server-other.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (snort3-file-identify.rules) * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (snort3-server-other.rules) * 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (snort3-file-other.rules) * 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (snort3-server-other.rules) * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (snort3-server-other.rules) * 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (snort3-protocol-scada.rules) * 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (snort3-file-other.rules) * 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (snort3-malware-other.rules) * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (snort3-server-other.rules) * 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules) * 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (snort3-protocol-tftp.rules) * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules) * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (snort3-file-pdf.rules) * 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (snort3-app-detect.rules) * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (snort3-file-pdf.rules) * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (snort3-server-other.rules) * 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (snort3-file-other.rules) * 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (snort3-file-other.rules) * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (snort3-server-other.rules) * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (snort3-file-image.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (snort3-policy-other.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (snort3-file-executable.rules) * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (snort3-server-other.rules) * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (snort3-indicator-compromise.rules) * 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (snort3-protocol-scada.rules) * 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (snort3-file-office.rules) * 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (snort3-indicator-obfuscation.rules) * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (snort3-server-other.rules) * 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (snort3-indicator-compromise.rules) * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (snort3-browser-chrome.rules) * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (snort3-pua-adware.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (snort3-server-other.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (snort3-server-other.rules) * 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (snort3-indicator-compromise.rules) * 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (snort3-malware-other.rules) * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (snort3-file-other.rules) * 1:37338 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (snort3-file-pdf.rules) * 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (snort3-file-other.rules) * 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (snort3-protocol-scada.rules) * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (snort3-file-pdf.rules) * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (snort3-file-other.rules) * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (snort3-browser-firefox.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (snort3-policy-other.rules) * 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (snort3-server-other.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (snort3-file-multimedia.rules) * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules) * 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (snort3-server-other.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (snort3-server-other.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (snort3-file-image.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (snort3-file-executable.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (snort3-pua-adware.rules) * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (snort3-file-flash.rules) * 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (snort3-os-windows.rules) * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (snort3-os-linux.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (snort3-policy-other.rules) * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (snort3-policy-spam.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (snort3-policy-other.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (snort3-policy-other.rules) * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request (snort3-protocol-scada.rules) * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (snort3-server-other.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (snort3-file-pdf.rules) * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (snort3-protocol-scada.rules) * 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (snort3-app-detect.rules) * 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (snort3-exploit-kit.rules) * 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (snort3-server-other.rules) * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (snort3-malware-other.rules) * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules) * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (snort3-pua-adware.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (snort3-policy-other.rules) * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (snort3-pua-adware.rules) * 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (snort3-file-other.rules) * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (snort3-protocol-scada.rules) * 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (snort3-os-linux.rules) * 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (snort3-malware-other.rules) * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (snort3-protocol-snmp.rules) * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (snort3-exploit-kit.rules) * 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-pdf.rules) * 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (snort3-app-detect.rules) * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (snort3-server-other.rules) * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (snort3-file-other.rules) * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (snort3-os-windows.rules) * 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (snort3-file-other.rules) * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (snort3-browser-chrome.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (snort3-file-identify.rules) * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (snort3-server-other.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (snort3-file-identify.rules) * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (snort3-os-windows.rules) * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (snort3-file-other.rules) * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (snort3-server-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (snort3-malware-other.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (snort3-file-pdf.rules) * 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (snort3-indicator-obfuscation.rules) * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (snort3-file-pdf.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (snort3-file-identify.rules) * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (snort3-os-windows.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (snort3-file-pdf.rules) * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (snort3-file-multimedia.rules) * 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (snort3-file-image.rules) * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request (snort3-protocol-scada.rules) * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (snort3-file-other.rules) * 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (snort3-server-mail.rules) * 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (snort3-file-other.rules) * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules) * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (snort3-exploit-kit.rules) * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (snort3-file-other.rules) * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (snort3-file-executable.rules) * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (snort3-file-other.rules) * 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (snort3-file-other.rules) * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (snort3-file-pdf.rules) * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (snort3-file-other.rules) * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (snort3-server-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (snort3-protocol-scada.rules) * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (snort3-file-office.rules) * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (snort3-server-other.rules) * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (snort3-pua-adware.rules) * 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (snort3-file-flash.rules) * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (snort3-file-pdf.rules) * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request (snort3-protocol-scada.rules) * 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (snort3-server-other.rules) * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (snort3-server-mysql.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (snort3-server-other.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (snort3-file-java.rules) * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (snort3-server-other.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (snort3-file-other.rules) * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (snort3-indicator-compromise.rules) * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (snort3-file-flash.rules) * 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (snort3-malware-other.rules) * 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (snort3-pua-adware.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (snort3-file-other.rules) * 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (snort3-file-image.rules) * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (snort3-indicator-compromise.rules) * 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (snort3-file-pdf.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (snort3-file-identify.rules) * 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (snort3-protocol-ftp.rules) * 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (snort3-browser-firefox.rules) * 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (snort3-server-other.rules) * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (snort3-file-other.rules) * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (snort3-server-other.rules) * 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (snort3-policy-other.rules) * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (snort3-file-executable.rules) * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (snort3-file-image.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (snort3-file-identify.rules) * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (snort3-file-pdf.rules) * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (snort3-os-windows.rules) * 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (snort3-pua-adware.rules) * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (snort3-os-windows.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (snort3-server-mail.rules) * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (snort3-indicator-compromise.rules) * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (snort3-indicator-compromise.rules) * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (snort3-file-multimedia.rules) * 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (snort3-file-java.rules) * 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (snort3-protocol-scada.rules) * 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (snort3-file-image.rules) * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (snort3-file-other.rules) * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (snort3-os-windows.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (snort3-file-identify.rules) * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (snort3-os-windows.rules) * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (snort3-protocol-scada.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (snort3-file-identify.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (snort3-policy-other.rules) * 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (snort3-malware-other.rules) * 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (snort3-protocol-scada.rules) * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (snort3-protocol-scada.rules) * 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (snort3-file-flash.rules) * 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (snort3-file-multimedia.rules) * 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (snort3-browser-firefox.rules) * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (snort3-server-apache.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (snort3-server-other.rules) * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (snort3-file-other.rules) * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (snort3-file-other.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (snort3-file-identify.rules) * 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (snort3-file-office.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (snort3-file-pdf.rules) * 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (snort3-file-image.rules) * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules) * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (snort3-file-flash.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (snort3-file-java.rules) * 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (snort3-file-other.rules) * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules) * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules) * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules) * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules) * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules) * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (snort3-server-other.rules) * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules) * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules) * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules) * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules) * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules) * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (snort3-server-other.rules) * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (snort3-server-other.rules) * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (snort3-server-other.rules) * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (snort3-server-other.rules) * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (snort3-server-other.rules) * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (snort3-protocol-scada.rules) * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (snort3-server-other.rules) * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (snort3-server-other.rules) * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (snort3-file-pdf.rules) * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (snort3-file-pdf.rules) * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (snort3-protocol-scada.rules) * 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (snort3-file-flash.rules) * 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (snort3-protocol-scada.rules) * 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (snort3-indicator-compromise.rules) * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (snort3-file-other.rules) * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (snort3-file-image.rules) * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (snort3-file-other.rules) * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (snort3-indicator-obfuscation.rules) * 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (snort3-file-office.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (snort3-file-identify.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (snort3-file-pdf.rules) * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (snort3-server-other.rules) * 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (snort3-os-mobile.rules) * 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (snort3-file-flash.rules) * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (snort3-server-other.rules) * 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (snort3-browser-other.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (snort3-policy-other.rules) * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (snort3-indicator-compromise.rules) * 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (snort3-server-apache.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (snort3-server-other.rules) * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (snort3-file-multimedia.rules) * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (snort3-file-image.rules) * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (snort3-file-image.rules) * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (snort3-protocol-scada.rules) * 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (snort3-server-other.rules) * 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (snort3-file-flash.rules) * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (snort3-file-image.rules) * 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (snort3-file-pdf.rules) * 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (snort3-server-mail.rules) * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (snort3-server-other.rules) * 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (snort3-file-image.rules) * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (snort3-file-pdf.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (snort3-policy-other.rules) * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (snort3-protocol-scada.rules) * 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (snort3-server-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (snort3-policy-other.rules) * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (snort3-file-other.rules) * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (snort3-malware-other.rules) * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (snort3-file-other.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (snort3-policy-other.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (snort3-file-other.rules) * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (snort3-file-image.rules) * 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (snort3-malware-other.rules) * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (snort3-server-other.rules) * 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (snort3-file-other.rules) * 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (snort3-file-office.rules) * 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (snort3-malware-other.rules) * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (snort3-indicator-compromise.rules) * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (snort3-malware-tools.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (snort3-browser-other.rules) * 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (snort3-indicator-compromise.rules) * 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (snort3-browser-firefox.rules) * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (snort3-protocol-scada.rules) * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (snort3-app-detect.rules) * 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (snort3-server-other.rules) * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (snort3-file-other.rules) * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (snort3-exploit-kit.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (snort3-file-other.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (snort3-pua-adware.rules) * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (snort3-server-other.rules) * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-image.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (snort3-server-other.rules) * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (snort3-file-other.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (snort3-file-flash.rules) * 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (snort3-browser-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (snort3-file-other.rules) * 1:45545 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Mughthesec outbound connection attempt (snort3-pua-adware.rules) * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules) * 1:37330 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (snort3-file-office.rules) * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection (snort3-malware-backdoor.rules) * 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (snort3-file-pdf.rules) * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (snort3-malware-other.rules) * 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (snort3-file-other.rules) * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (snort3-file-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (snort3-file-identify.rules) * 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (snort3-server-other.rules) * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (snort3-file-pdf.rules) * 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (snort3-malware-other.rules) * 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (snort3-server-other.rules) * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (snort3-server-apache.rules) * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (snort3-server-other.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (snort3-policy-other.rules) * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (snort3-app-detect.rules) * 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (snort3-protocol-scada.rules) * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (snort3-server-other.rules) * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (snort3-policy-other.rules) * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (snort3-file-image.rules) * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (snort3-file-image.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (snort3-server-mail.rules) * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (snort3-server-other.rules) * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (snort3-malware-other.rules) * 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (snort3-pua-adware.rules) * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (snort3-indicator-obfuscation.rules) * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (snort3-server-other.rules) * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (snort3-malware-other.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (snort3-file-identify.rules) * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (snort3-indicator-compromise.rules) * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (snort3-file-image.rules) * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (snort3-malware-tools.rules) * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules) * 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (snort3-indicator-compromise.rules) * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (snort3-file-image.rules) * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (snort3-malware-other.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (snort3-protocol-voip.rules) * 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (snort3-pua-adware.rules) * 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (snort3-server-mail.rules) * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (snort3-protocol-scada.rules) * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (snort3-file-pdf.rules) * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (snort3-server-other.rules) * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (snort3-file-other.rules) * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (snort3-file-other.rules) * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (snort3-file-other.rules) * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (snort3-protocol-scada.rules) * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (snort3-file-identify.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (snort3-os-solaris.rules) * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (snort3-file-flash.rules) * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (snort3-server-other.rules) * 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (snort3-protocol-scada.rules) * 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (snort3-file-office.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (snort3-file-flash.rules) * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (snort3-file-other.rules) * 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (snort3-malware-backdoor.rules) * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (snort3-file-flash.rules) * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (snort3-protocol-scada.rules) * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (snort3-os-windows.rules) * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (snort3-file-image.rules) * 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (snort3-protocol-scada.rules) * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules) * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (snort3-file-pdf.rules) * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (snort3-exploit-kit.rules) * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (snort3-malware-other.rules) * 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (snort3-file-pdf.rules) * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (snort3-pua-adware.rules) * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (snort3-server-other.rules) * 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (snort3-server-other.rules) * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (snort3-os-windows.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (snort3-policy-other.rules) * 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (snort3-policy-other.rules) * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (snort3-server-apache.rules) * 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (snort3-file-office.rules) * 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (snort3-os-windows.rules) * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (snort3-os-linux.rules) * 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (snort3-file-other.rules) * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (snort3-server-other.rules) * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (snort3-file-executable.rules) * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (snort3-server-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules) * 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (snort3-file-pdf.rules) * 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (snort3-file-pdf.rules) * 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (snort3-os-windows.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (snort3-policy-other.rules) * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (snort3-file-pdf.rules) * 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (snort3-indicator-compromise.rules) * 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (snort3-browser-firefox.rules) * 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (snort3-server-other.rules) * 1:37654 <-> DISABLED <-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (snort3-os-linux.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (snort3-file-identify.rules) * 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (snort3-file-other.rules) * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (snort3-file-pdf.rules) * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (snort3-file-pdf.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (snort3-file-identify.rules) * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (snort3-malware-other.rules) * 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (snort3-pua-adware.rules) * 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (snort3-file-pdf.rules) * 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (snort3-server-other.rules) * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (snort3-server-other.rules) * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (snort3-indicator-scan.rules) * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (snort3-file-other.rules) * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (snort3-protocol-scada.rules) * 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (snort3-os-linux.rules) * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (snort3-server-other.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (snort3-file-identify.rules) * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (snort3-server-other.rules) * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (snort3-pua-adware.rules) * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (snort3-indicator-compromise.rules) * 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (snort3-browser-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (snort3-policy-other.rules) * 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:43221 <-> ENABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (snort3-malware-other.rules) * 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (snort3-pua-adware.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (snort3-policy-other.rules) * 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (snort3-policy-other.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (snort3-policy-other.rules) * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (snort3-file-flash.rules) * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (snort3-protocol-scada.rules) * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (snort3-server-other.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (snort3-file-identify.rules) * 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (snort3-browser-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (snort3-policy-other.rules) * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (snort3-file-multimedia.rules) * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (snort3-file-other.rules) * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (snort3-file-other.rules) * 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (snort3-browser-chrome.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (snort3-server-other.rules) * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (snort3-server-other.rules) * 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (snort3-file-pdf.rules) * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (snort3-os-windows.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (snort3-file-flash.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (snort3-file-identify.rules) * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (snort3-file-other.rules) * 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (snort3-file-flash.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (snort3-server-other.rules) * 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (snort3-os-solaris.rules) * 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (snort3-file-other.rules) * 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (snort3-server-other.rules) * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (snort3-server-other.rules) * 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (snort3-file-office.rules) * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (snort3-file-pdf.rules) * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules) * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (snort3-protocol-scada.rules) * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (snort3-pua-adware.rules) * 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (snort3-protocol-scada.rules) * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (snort3-os-windows.rules) * 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (snort3-os-linux.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (snort3-sql.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (snort3-server-other.rules) * 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (snort3-netbios.rules) * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (snort3-malware-backdoor.rules) * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (snort3-file-flash.rules) * 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (snort3-file-pdf.rules) * 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (snort3-server-other.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (snort3-file-identify.rules) * 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (snort3-file-flash.rules) * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (snort3-os-windows.rules) * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (snort3-os-windows.rules) * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (snort3-file-other.rules) * 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (snort3-file-multimedia.rules) * 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (snort3-os-windows.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (snort3-server-other.rules) * 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (snort3-protocol-scada.rules) * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules) * 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (snort3-file-other.rules) * 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (snort3-os-linux.rules) * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (snort3-os-windows.rules) * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (snort3-protocol-scada.rules) * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (snort3-file-flash.rules) * 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (snort3-protocol-scada.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (snort3-policy-other.rules) * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (snort3-file-image.rules) * 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (snort3-file-identify.rules) * 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (snort3-file-multimedia.rules) * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (snort3-malware-backdoor.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:40171 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (snort3-file-flash.rules) * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (snort3-os-windows.rules) * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (snort3-file-executable.rules) * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (snort3-file-pdf.rules) * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (snort3-file-java.rules) * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (snort3-malware-other.rules) * 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (snort3-file-other.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (snort3-file-image.rules) * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules) * 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (snort3-file-other.rules) * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (snort3-netbios.rules) * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (snort3-os-windows.rules) * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (snort3-server-oracle.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (snort3-file-identify.rules) * 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (snort3-server-mail.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (snort3-file-identify.rules) * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (snort3-file-image.rules) * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (snort3-browser-other.rules) * 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (snort3-exploit-kit.rules) * 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (snort3-file-identify.rules) * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (snort3-file-pdf.rules) * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (snort3-protocol-other.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (snort3-file-pdf.rules) * 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (snort3-server-other.rules) * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (snort3-file-other.rules) * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules) * 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (snort3-file-image.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (snort3-server-other.rules) * 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (snort3-file-other.rules) * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (snort3-netbios.rules) * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (snort3-exploit-kit.rules) * 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (snort3-file-office.rules) * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (snort3-server-other.rules) * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (snort3-server-apache.rules) * 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (snort3-file-pdf.rules) * 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (snort3-pua-adware.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules) * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (snort3-sql.rules) * 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (snort3-pua-adware.rules) * 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (snort3-protocol-scada.rules) * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (snort3-file-executable.rules) * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (snort3-protocol-scada.rules) * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (snort3-server-other.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (snort3-browser-firefox.rules) * 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (snort3-indicator-compromise.rules) * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (snort3-file-image.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (snort3-file-pdf.rules) * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (snort3-file-other.rules) * 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (snort3-malware-tools.rules) * 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (snort3-file-flash.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (snort3-file-multimedia.rules) * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (snort3-indicator-compromise.rules) * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (snort3-protocol-scada.rules) * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (snort3-file-other.rules) * 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (snort3-malware-other.rules) * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (snort3-file-flash.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (snort3-policy-other.rules) * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (snort3-file-other.rules) * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (snort3-malware-other.rules) * 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (snort3-protocol-scada.rules) * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (snort3-protocol-scada.rules) * 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (snort3-file-other.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (snort3-file-identify.rules) * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (snort3-indicator-compromise.rules) * 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (snort3-server-other.rules) * 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (snort3-browser-firefox.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (snort3-policy-other.rules) * 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (snort3-pua-adware.rules) * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (snort3-file-other.rules) * 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (snort3-file-other.rules) * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (snort3-indicator-compromise.rules) * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (snort3-os-windows.rules) * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (snort3-file-other.rules) * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:37335 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (snort3-pua-other.rules) * 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (snort3-server-other.rules) * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (snort3-os-windows.rules) * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (snort3-file-other.rules) * 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (snort3-browser-firefox.rules) * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (snort3-file-other.rules) * 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (snort3-protocol-scada.rules) * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (snort3-file-image.rules) * 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (snort3-os-solaris.rules) * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (snort3-file-pdf.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (snort3-file-identify.rules) * 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (snort3-malware-other.rules) * 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (snort3-protocol-scada.rules) * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (snort3-file-flash.rules) * 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (snort3-browser-firefox.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (snort3-file-identify.rules) * 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (snort3-server-other.rules) * 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (snort3-server-other.rules) * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (snort3-file-image.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (snort3-browser-firefox.rules) * 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (snort3-file-pdf.rules) * 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (snort3-malware-other.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (snort3-server-other.rules) * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (snort3-file-executable.rules) * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (snort3-app-detect.rules) * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (snort3-file-office.rules) * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (snort3-server-oracle.rules) * 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (snort3-server-apache.rules) * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (snort3-browser-chrome.rules) * 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (snort3-file-other.rules) * 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (snort3-protocol-scada.rules) * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules) * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (snort3-indicator-compromise.rules) * 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (snort3-server-other.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (snort3-server-apache.rules) * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (snort3-file-pdf.rules) * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (snort3-file-pdf.rules) * 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (snort3-file-pdf.rules) * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (snort3-file-pdf.rules) * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (snort3-file-image.rules) * 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (snort3-server-other.rules) * 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (snort3-malware-other.rules) * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request (snort3-protocol-scada.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (snort3-server-other.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (snort3-file-identify.rules) * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request (snort3-protocol-scada.rules) * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (snort3-app-detect.rules) * 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (snort3-malware-backdoor.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (snort3-server-other.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (snort3-file-image.rules) * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (snort3-policy-other.rules) * 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (snort3-file-pdf.rules) * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (snort3-os-windows.rules) * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (snort3-browser-firefox.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (snort3-file-pdf.rules) * 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (snort3-pua-adware.rules) * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (snort3-file-flash.rules) * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (snort3-pua-other.rules) * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (snort3-os-windows.rules) * 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (snort3-protocol-scada.rules) * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (snort3-file-pdf.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (snort3-os-windows.rules) * 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (snort3-malware-other.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (snort3-file-pdf.rules) * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request (snort3-protocol-scada.rules) * 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (snort3-malware-other.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (snort3-file-identify.rules) * 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (snort3-server-samba.rules) * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (snort3-file-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (snort3-protocol-scada.rules) * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (snort3-file-other.rules) * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (snort3-server-other.rules) * 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (snort3-browser-firefox.rules) * 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (snort3-file-pdf.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (snort3-file-flash.rules) * 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (snort3-file-executable.rules) * 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (snort3-indicator-compromise.rules) * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (snort3-malware-tools.rules) * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (snort3-protocol-scada.rules) * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request (snort3-protocol-scada.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (snort3-file-identify.rules) * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (snort3-server-apache.rules) * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (snort3-protocol-scada.rules) * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (snort3-file-flash.rules) * 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (snort3-file-other.rules) * 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (snort3-malware-backdoor.rules) * 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (snort3-file-image.rules) * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (snort3-file-executable.rules) * 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (snort3-server-other.rules) * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (snort3-os-windows.rules) * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (snort3-file-flash.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (snort3-file-pdf.rules) * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (snort3-policy-social.rules) * 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (snort3-file-pdf.rules) * 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (snort3-file-image.rules) * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (snort3-server-other.rules) * 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (snort3-file-flash.rules) * 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (snort3-protocol-scada.rules) * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (snort3-server-mail.rules) * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt (snort3-server-other.rules) * 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (snort3-protocol-scada.rules) * 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (snort3-server-samba.rules) * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (snort3-file-other.rules) * 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (snort3-file-pdf.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (snort3-file-image.rules) * 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (snort3-os-windows.rules) * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (snort3-file-pdf.rules) * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (snort3-file-multimedia.rules) * 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (snort3-os-solaris.rules) * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (snort3-protocol-snmp.rules) * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (snort3-pua-other.rules) * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (snort3-protocol-scada.rules) * 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (snort3-protocol-scada.rules) * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (snort3-protocol-scada.rules) * 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (snort3-file-office.rules) * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (snort3-server-other.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (snort3-policy-other.rules) * 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (snort3-server-other.rules) * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (snort3-server-other.rules) * 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (snort3-malware-backdoor.rules) * 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (snort3-pua-adware.rules) * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (snort3-file-pdf.rules) * 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (snort3-server-other.rules) * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (snort3-file-other.rules) * 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (snort3-indicator-compromise.rules) * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (snort3-file-other.rules) * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (snort3-file-office.rules) * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (snort3-server-other.rules) * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (snort3-file-other.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (snort3-server-other.rules) * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (snort3-os-other.rules) * 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (snort3-browser-firefox.rules) * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (snort3-server-apache.rules) * 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (snort3-indicator-compromise.rules) * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (snort3-malware-other.rules) * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (snort3-malware-tools.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (snort3-file-identify.rules) * 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (snort3-browser-firefox.rules) * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (snort3-file-image.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (snort3-policy-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (snort3-protocol-other.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (snort3-file-other.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (snort3-protocol-other.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (snort3-policy-other.rules) * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (snort3-file-image.rules) * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (snort3-server-other.rules) * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (snort3-file-other.rules) * 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (snort3-server-other.rules) * 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (snort3-file-pdf.rules) * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (snort3-pua-adware.rules) * 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (snort3-file-other.rules) * 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (snort3-exploit-kit.rules) * 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (snort3-indicator-compromise.rules) * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (snort3-file-pdf.rules) * 1:37340 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (snort3-malware-other.rules) * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (snort3-protocol-scada.rules) * 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (snort3-file-other.rules) * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (snort3-file-other.rules) * 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (snort3-file-other.rules) * 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (snort3-file-image.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (snort3-policy-other.rules) * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (snort3-protocol-scada.rules) * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (snort3-os-windows.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (snort3-file-identify.rules) * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (snort3-indicator-compromise.rules) * 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (snort3-file-other.rules) * 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (snort3-protocol-scada.rules) * 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (snort3-server-apache.rules) * 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (snort3-protocol-scada.rules) * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (snort3-protocol-scada.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (snort3-file-identify.rules) * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (snort3-server-other.rules) * 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (snort3-file-other.rules) * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (snort3-file-multimedia.rules) * 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (snort3-file-other.rules) * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (snort3-file-image.rules) * 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (snort3-malware-other.rules) * 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (snort3-file-other.rules) * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (snort3-server-other.rules) * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (snort3-file-other.rules) * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (snort3-browser-firefox.rules) * 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (snort3-file-other.rules) * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (snort3-protocol-scada.rules) * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (snort3-browser-firefox.rules) * 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (snort3-browser-firefox.rules) * 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (snort3-file-pdf.rules) * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules) * 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (snort3-file-pdf.rules) * 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (snort3-file-image.rules) * 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (snort3-protocol-scada.rules) * 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (snort3-indicator-compromise.rules) * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (snort3-malware-tools.rules) * 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (snort3-exploit-kit.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (snort3-file-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (snort3-protocol-other.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (snort3-file-identify.rules) * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (snort3-indicator-compromise.rules) * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (snort3-file-pdf.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (snort3-file-identify.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (snort3-file-identify.rules) * 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (snort3-server-samba.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (snort3-file-other.rules) * 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (snort3-file-other.rules) * 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (snort3-policy-other.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (snort3-file-flash.rules) * 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (snort3-protocol-scada.rules) * 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (snort3-server-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (snort3-policy-other.rules) * 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (snort3-os-windows.rules) * 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules) * 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (snort3-file-image.rules) * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (snort3-file-other.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (snort3-file-pdf.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (snort3-netbios.rules) * 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (snort3-server-other.rules) * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (snort3-browser-firefox.rules) * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (snort3-file-other.rules) * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (snort3-server-other.rules) * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (snort3-file-other.rules) * 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (snort3-protocol-scada.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules) * 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (snort3-malware-other.rules) * 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (snort3-pua-adware.rules) * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request (snort3-protocol-scada.rules) * 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (snort3-server-other.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules) * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request (snort3-protocol-scada.rules) * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (snort3-protocol-scada.rules) * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (snort3-os-windows.rules) * 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (snort3-browser-firefox.rules) * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (snort3-file-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (snort3-policy-other.rules) * 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (snort3-server-other.rules) * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (snort3-server-other.rules) * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (snort3-protocol-scada.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (snort3-file-flash.rules) * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (snort3-server-other.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (snort3-server-other.rules) * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (snort3-protocol-snmp.rules) * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (snort3-pua-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules) * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (snort3-browser-chrome.rules) * 1:37333 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (snort3-file-pdf.rules) * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (snort3-server-apache.rules) * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (snort3-file-office.rules) * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (snort3-file-other.rules) * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (snort3-file-image.rules) * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (snort3-file-image.rules) * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (snort3-server-other.rules) * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (snort3-file-pdf.rules) * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (snort3-pua-adware.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37619 <-> DISABLED <-> SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (snort3-server-other.rules) * 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (snort3-protocol-tftp.rules) * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (snort3-browser-other.rules) * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (snort3-indicator-compromise.rules) * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (snort3-indicator-obfuscation.rules) * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (snort3-server-other.rules) * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (snort3-server-apache.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (snort3-file-image.rules) * 1:37341 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (snort3-server-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (snort3-policy-other.rules) * 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (snort3-indicator-compromise.rules) * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (snort3-file-flash.rules) * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (snort3-protocol-scada.rules) * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (snort3-malware-other.rules) * 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (snort3-file-office.rules) * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (snort3-server-other.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (snort3-file-other.rules) * 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (snort3-file-other.rules) * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (snort3-file-pdf.rules) * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (snort3-pua-toolbars.rules) * 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (snort3-file-other.rules) * 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (snort3-indicator-compromise.rules) * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (snort3-file-pdf.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (snort3-file-identify.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (snort3-file-identify.rules) * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (snort3-file-flash.rules) * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (snort3-indicator-compromise.rules) * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (snort3-server-other.rules) * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (snort3-file-flash.rules) * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (snort3-protocol-scada.rules) * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (snort3-file-other.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (snort3-malware-other.rules) * 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (snort3-server-other.rules) * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (snort3-server-other.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (snort3-file-java.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (snort3-file-other.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (snort3-file-identify.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (snort3-policy-other.rules) * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (snort3-protocol-scada.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules) * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (snort3-server-other.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (snort3-file-other.rules) * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (snort3-file-other.rules) * 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (snort3-server-apache.rules) * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (snort3-server-other.rules) * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (snort3-file-other.rules) * 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (snort3-indicator-compromise.rules) * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (snort3-file-other.rules) * 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (snort3-browser-other.rules) * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (snort3-protocol-scada.rules) * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (snort3-file-flash.rules) * 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (snort3-server-other.rules) * 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (snort3-indicator-compromise.rules) * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (snort3-file-pdf.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (snort3-file-identify.rules) * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (snort3-browser-other.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (snort3-file-pdf.rules) * 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (snort3-file-other.rules) * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (snort3-file-pdf.rules) * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (snort3-file-other.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules) * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (snort3-file-office.rules) * 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (snort3-exploit-kit.rules) * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (snort3-file-flash.rules) * 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (snort3-file-other.rules) * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (snort3-policy-other.rules) * 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (snort3-indicator-compromise.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (snort3-file-identify.rules) * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (snort3-file-other.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (snort3-policy-other.rules) * 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (snort3-server-other.rules) * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (snort3-malware-other.rules) * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (snort3-file-image.rules) * 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (snort3-malware-other.rules) * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request (snort3-protocol-scada.rules) * 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (snort3-file-other.rules) * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (snort3-server-other.rules) * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (snort3-file-image.rules) * 1:37334 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (snort3-file-pdf.rules) * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (snort3-file-other.rules) * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (snort3-os-windows.rules) * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (snort3-file-executable.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (snort3-policy-other.rules) * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (snort3-browser-webkit.rules) * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (snort3-file-other.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (snort3-policy-other.rules) * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (snort3-malware-other.rules) * 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (snort3-protocol-scada.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (snort3-file-identify.rules) * 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (snort3-pua-adware.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (snort3-file-identify.rules) * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (snort3-file-office.rules) * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (snort3-file-other.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (snort3-file-pdf.rules) * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (snort3-file-pdf.rules) * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (snort3-file-office.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (snort3-server-other.rules) * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (snort3-server-other.rules) * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password retrieval attempt (snort3-protocol-scada.rules) * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (snort3-indicator-obfuscation.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (snort3-file-identify.rules) * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (snort3-indicator-compromise.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (snort3-policy-other.rules) * 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (snort3-file-other.rules) * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (snort3-protocol-scada.rules) * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (snort3-file-other.rules) * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (snort3-server-other.rules) * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (snort3-protocol-scada.rules) * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (snort3-server-apache.rules) * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (snort3-file-other.rules) * 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (snort3-protocol-dns.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (snort3-protocol-voip.rules) * 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (snort3-browser-chrome.rules) * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (snort3-file-flash.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (snort3-file-identify.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (snort3-policy-other.rules) * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (snort3-os-windows.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (snort3-file-office.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (snort3-server-other.rules) * 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (snort3-protocol-scada.rules) * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (snort3-server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (snort3-server-other.rules) * 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (snort3-indicator-compromise.rules) * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (snort3-file-executable.rules) * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (snort3-server-other.rules) * 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (snort3-pua-adware.rules) * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (snort3-file-image.rules) * 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (snort3-file-office.rules) * 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (snort3-indicator-compromise.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (snort3-file-identify.rules) * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (snort3-file-executable.rules) * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (snort3-server-other.rules) * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (snort3-file-java.rules) * 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (snort3-protocol-scada.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (snort3-policy-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (snort3-policy-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (snort3-policy-other.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (snort3-file-other.rules) * 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (snort3-file-other.rules) * 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (snort3-file-other.rules) * 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (snort3-file-other.rules) * 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (snort3-server-other.rules) * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules) * 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (snort3-os-linux.rules) * 1:37336 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (snort3-protocol-other.rules) * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (snort3-os-linux.rules) * 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (snort3-protocol-scada.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (snort3-os-windows.rules) * 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (snort3-server-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (snort3-policy-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (snort3-policy-other.rules) * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (snort3-file-flash.rules) * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (snort3-indicator-compromise.rules) * 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (snort3-file-office.rules) * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (snort3-server-mail.rules) * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (snort3-file-flash.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (snort3-policy-other.rules) * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules) * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (snort3-file-office.rules) * 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (snort3-protocol-icmp.rules) * 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (snort3-protocol-scada.rules) * 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (snort3-indicator-compromise.rules) * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (snort3-file-other.rules) * 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (snort3-policy-other.rules) * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (snort3-server-other.rules) * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (snort3-malware-other.rules) * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (snort3-file-office.rules) * 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (snort3-indicator-compromise.rules) * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (snort3-server-other.rules) * 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (snort3-browser-firefox.rules) * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (snort3-file-flash.rules) * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (snort3-protocol-scada.rules) * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (snort3-file-pdf.rules) * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (snort3-server-other.rules) * 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (snort3-malware-other.rules) * 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (snort3-protocol-scada.rules) * 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (snort3-malware-other.rules) * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (snort3-server-mail.rules) * 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (snort3-os-mobile.rules) * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (snort3-server-other.rules) * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules) * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (snort3-indicator-compromise.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (snort3-file-identify.rules) * 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (snort3-file-other.rules) * 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (snort3-browser-firefox.rules) * 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (snort3-os-windows.rules) * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (snort3-file-image.rules) * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (snort3-os-windows.rules) * 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (snort3-server-other.rules) * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (snort3-file-other.rules) * 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (snort3-file-office.rules) * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (snort3-file-identify.rules) * 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (snort3-malware-other.rules) * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (snort3-protocol-scada.rules) * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (snort3-file-flash.rules) * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (snort3-malware-tools.rules) * 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (snort3-os-windows.rules) * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (snort3-file-pdf.rules) * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (snort3-server-other.rules) * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (snort3-malware-other.rules) * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (snort3-server-other.rules) * 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (snort3-server-other.rules) * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (snort3-malware-other.rules) * 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (snort3-file-other.rules) * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (snort3-pua-adware.rules) * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (snort3-file-other.rules) * 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (snort3-server-other.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (snort3-file-identify.rules) * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (snort3-file-image.rules) * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (snort3-file-executable.rules) * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (snort3-file-pdf.rules) * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (snort3-protocol-scada.rules) * 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (snort3-browser-chrome.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (snort3-policy-other.rules) * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (snort3-file-flash.rules) * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (snort3-malware-backdoor.rules) * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (snort3-malware-other.rules) * 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (snort3-pua-adware.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules) * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (snort3-file-other.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules) * 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (snort3-file-image.rules) * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (snort3-os-windows.rules) * 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (snort3-file-other.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (snort3-file-identify.rules) * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (snort3-protocol-voip.rules) * 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (snort3-server-other.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (snort3-server-other.rules) * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (snort3-server-other.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (snort3-malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (snort3-malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (snort3-malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (snort3-malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (snort3-malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (snort3-malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (snort3-malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (snort3-malware-other.rules) * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (snort3-pua-adware.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (snort3-malware-tools.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (snort3-malware-other.rules) * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (snort3-pua-toolbars.rules) * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (snort3-pua-adware.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (snort3-malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (snort3-malware-other.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (snort3-malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (snort3-malware-other.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (snort3-malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (snort3-malware-other.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (snort3-malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (snort3-malware-backdoor.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (snort3-malware-backdoor.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (snort3-malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (snort3-malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (snort3-malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (snort3-malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (snort3-malware-backdoor.rules) * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (snort3-file-image.rules) * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (snort3-protocol-voip.rules) * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (snort3-protocol-voip.rules) * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (snort3-server-other.rules) * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (snort3-browser-firefox.rules) * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (snort3-server-other.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (snort3-os-solaris.rules) * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (snort3-pua-adware.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (snort3-malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (snort3-malware-other.rules) * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (snort3-malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (snort3-malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (snort3-malware-backdoor.rules) * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (snort3-pua-toolbars.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (snort3-malware-other.rules) * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (snort3-pua-adware.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (snort3-malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (snort3-malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (snort3-malware-backdoor.rules) * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (snort3-server-mail.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (snort3-malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (snort3-malware-backdoor.rules) * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (snort3-netbios.rules) * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (snort3-protocol-rpc.rules) * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (snort3-protocol-rpc.rules) * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (snort3-protocol-rpc.rules) * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (snort3-protocol-rpc.rules) * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (snort3-os-solaris.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (snort3-malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (snort3-malware-other.rules) * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (snort3-pua-adware.rules) * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (snort3-pua-adware.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (snort3-malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (snort3-malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (snort3-malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (snort3-malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (snort3-malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (snort3-malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (snort3-malware-backdoor.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (snort3-malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (snort3-malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (snort3-malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (snort3-malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (snort3-malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (snort3-malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (snort3-malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (snort3-malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (snort3-malware-backdoor.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (snort3-malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (snort3-malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (snort3-malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (snort3-malware-backdoor.rules) * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (snort3-protocol-telnet.rules) * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (snort3-server-oracle.rules) * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (snort3-server-oracle.rules) * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (snort3-server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (snort3-protocol-imap.rules) * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (snort3-os-windows.rules) * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (snort3-os-windows.rules) * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (snort3-server-oracle.rules) * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (snort3-server-iis.rules) * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (snort3-server-oracle.rules) * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (snort3-server-oracle.rules) * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (snort3-server-apache.rules) * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (snort3-server-mssql.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (snort3-server-other.rules) * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (snort3-server-other.rules) * 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (snort3-server-apache.rules) * 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (snort3-server-apache.rules) * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (snort3-pua-adware.rules) * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (snort3-pua-adware.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (snort3-malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (snort3-malware-other.rules) * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (snort3-pua-adware.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (snort3-malware-other.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (snort3-malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (snort3-malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (snort3-malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (snort3-malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (snort3-malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (snort3-malware-backdoor.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (snort3-malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (snort3-malware-backdoor.rules) * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (snort3-server-other.rules) * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (snort3-server-other.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (snort3-os-windows.rules) * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (snort3-netbios.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (snort3-file-identify.rules) * 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (snort3-os-windows.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (snort3-netbios.rules) * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (snort3-netbios.rules) * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (snort3-pua-toolbars.rules) * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (snort3-malware-backdoor.rules) * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (snort3-malware-backdoor.rules) * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (snort3-malware-backdoor.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (snort3-malware-backdoor.rules) * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (snort3-malware-backdoor.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (snort3-netbios.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (snort3-netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (snort3-netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (snort3-netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (snort3-netbios.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (snort3-netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (snort3-netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (snort3-netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (snort3-netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (snort3-netbios.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (snort3-protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (snort3-protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (snort3-protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (snort3-protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (snort3-protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (snort3-protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (snort3-protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (snort3-protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (snort3-protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (snort3-protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (snort3-protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (snort3-protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (snort3-protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (snort3-protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (snort3-protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (snort3-protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (snort3-protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (snort3-protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (snort3-protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (snort3-protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (snort3-protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (snort3-protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (snort3-protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (snort3-protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (snort3-protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (snort3-protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (snort3-protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (snort3-protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (snort3-protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (snort3-protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (snort3-protocol-voip.rules) * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (snort3-sql.rules) * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (snort3-content-replace.rules) * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (snort3-content-replace.rules) * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (snort3-content-replace.rules) * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (snort3-content-replace.rules) * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (snort3-content-replace.rules) * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (snort3-content-replace.rules) * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (snort3-content-replace.rules) * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (snort3-content-replace.rules) * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (snort3-content-replace.rules) * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (snort3-content-replace.rules) * 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (snort3-content-replace.rules) * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (snort3-content-replace.rules) * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (snort3-server-iis.rules) * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (snort3-server-oracle.rules) * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (snort3-server-oracle.rules) * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (snort3-pua-adware.rules) * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (snort3-malware-other.rules) * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (snort3-malware-other.rules) * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (snort3-pua-toolbars.rules) * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (snort3-malware-backdoor.rules) * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (snort3-malware-backdoor.rules) * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (snort3-malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (snort3-malware-backdoor.rules) * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (snort3-os-windows.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (snort3-policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (snort3-policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (snort3-policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (snort3-policy-other.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (snort3-protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (snort3-protocol-voip.rules) * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (snort3-os-solaris.rules) * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (snort3-server-oracle.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (snort3-protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (snort3-protocol-voip.rules) * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (snort3-pua-adware.rules) * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (snort3-pua-adware.rules) * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (snort3-pua-toolbars.rules) * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (snort3-pua-adware.rules) * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (snort3-pua-adware.rules) * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (snort3-pua-toolbars.rules) * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (snort3-pua-toolbars.rules) * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (snort3-pua-toolbars.rules) * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (snort3-malware-other.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (snort3-malware-other.rules) * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (snort3-malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (snort3-malware-other.rules) * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (snort3-malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (snort3-malware-other.rules) * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (snort3-malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (snort3-malware-other.rules) * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (snort3-malware-other.rules) * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (snort3-malware-other.rules) * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (snort3-pua-adware.rules) * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (snort3-malware-other.rules) * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (snort3-pua-adware.rules) * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (snort3-malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (snort3-malware-backdoor.rules) * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (snort3-malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (snort3-malware-backdoor.rules) * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (snort3-malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (snort3-malware-backdoor.rules) * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (snort3-malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (snort3-malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (snort3-malware-backdoor.rules) * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (snort3-malware-backdoor.rules) * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (snort3-malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (snort3-malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (snort3-malware-backdoor.rules) * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (snort3-malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (snort3-malware-backdoor.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (snort3-malware-backdoor.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (snort3-protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (snort3-protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (snort3-protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (snort3-protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (snort3-protocol-voip.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (snort3-file-identify.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (snort3-pua-p2p.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (snort3-pua-p2p.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (snort3-pua-p2p.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (snort3-server-other.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (snort3-pua-adware.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (snort3-pua-toolbars.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (snort3-malware-other.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (snort3-pua-toolbars.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (snort3-pua-toolbars.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (snort3-pua-adware.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (snort3-malware-tools.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (snort3-pua-adware.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (snort3-pua-adware.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (snort3-malware-backdoor.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (snort3-malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (snort3-malware-backdoor.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (snort3-malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (snort3-malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (snort3-malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (snort3-malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (snort3-malware-backdoor.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (snort3-malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (snort3-file-identify.rules) * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (snort3-pua-toolbars.rules) * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (snort3-pua-toolbars.rules) * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (snort3-pua-toolbars.rules) * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (snort3-pua-adware.rules) * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (snort3-pua-toolbars.rules) * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (snort3-pua-toolbars.rules) * 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (snort3-pua-toolbars.rules) * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (snort3-pua-toolbars.rules) * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (snort3-pua-adware.rules) * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (snort3-pua-toolbars.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (snort3-malware-backdoor.rules) * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (snort3-malware-backdoor.rules) * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (snort3-os-other.rules) * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (snort3-os-other.rules) * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (snort3-policy-social.rules) * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (snort3-policy-social.rules) * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (snort3-policy-social.rules) * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (snort3-policy-social.rules) * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (snort3-server-other.rules) * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (snort3-protocol-voip.rules) * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (snort3-pua-adware.rules) * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (snort3-pua-adware.rules) * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (snort3-pua-toolbars.rules) * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (snort3-pua-adware.rules) * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (snort3-pua-toolbars.rules) * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (snort3-pua-adware.rules) * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (snort3-pua-adware.rules) * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (snort3-pua-adware.rules) * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (snort3-pua-toolbars.rules) * 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (snort3-malware-other.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (snort3-malware-backdoor.rules) * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (snort3-malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (snort3-malware-backdoor.rules) * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (snort3-malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (snort3-malware-backdoor.rules) * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (snort3-malware-backdoor.rules) * 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (snort3-malware-other.rules) * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (snort3-policy-social.rules) * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (snort3-policy-social.rules) * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (snort3-server-other.rules) * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (snort3-server-other.rules) * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (snort3-pua-p2p.rules) * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (snort3-pua-p2p.rules) * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (snort3-pua-p2p.rules) * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (snort3-policy-multimedia.rules) * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (snort3-policy-multimedia.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (snort3-file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (snort3-file-identify.rules) * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (snort3-policy-social.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (snort3-protocol-rpc.rules) * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (snort3-protocol-nntp.rules) * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (snort3-server-apache.rules) * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (snort3-malware-other.rules) * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (snort3-pua-toolbars.rules) * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (snort3-pua-adware.rules) * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (snort3-pua-adware.rules) * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (snort3-pua-adware.rules) * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (snort3-pua-toolbars.rules) * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (snort3-pua-toolbars.rules) * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (snort3-browser-firefox.rules) * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (snort3-server-other.rules) * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (snort3-server-other.rules) * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (snort3-protocol-rpc.rules) * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (snort3-protocol-rpc.rules) * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (snort3-policy-social.rules) * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (snort3-server-mail.rules) * 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (snort3-pua-adware.rules) * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (snort3-pua-toolbars.rules) * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (snort3-pua-toolbars.rules) * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (snort3-pua-adware.rules) * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (snort3-pua-adware.rules) * 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (snort3-malware-other.rules) * 1:12626 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (snort3-protocol-rpc.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (snort3-protocol-rpc.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (snort3-protocol-rpc.rules) * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (snort3-pua-adware.rules) * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (snort3-pua-adware.rules) * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (snort3-pua-adware.rules) * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (snort3-pua-adware.rules) * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (snort3-pua-adware.rules) * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (snort3-pua-adware.rules) * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (snort3-pua-adware.rules) * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (snort3-pua-adware.rules) * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (snort3-pua-adware.rules) * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (snort3-pua-toolbars.rules) * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (snort3-malware-backdoor.rules) * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (snort3-pua-adware.rules) * 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (snort3-pua-adware.rules) * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (snort3-pua-adware.rules) * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (snort3-pua-toolbars.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (snort3-protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (snort3-protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (snort3-protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (snort3-protocol-voip.rules) * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (snort3-malware-backdoor.rules) * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (snort3-policy-social.rules) * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (snort3-pua-p2p.rules) * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (snort3-pua-adware.rules) * 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (snort3-pua-adware.rules) * 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (snort3-pua-adware.rules) * 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (snort3-pua-adware.rules) * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (snort3-malware-other.rules) * 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (snort3-malware-other.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (snort3-server-mail.rules) * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (snort3-server-mail.rules) * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (snort3-server-other.rules) * 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (snort3-server-apache.rules) * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (snort3-protocol-snmp.rules) * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (snort3-pua-adware.rules) * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (snort3-pua-adware.rules) * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (snort3-pua-adware.rules) * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (snort3-pua-adware.rules) * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (snort3-pua-adware.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (snort3-malware-backdoor.rules) * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (snort3-malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (snort3-malware-backdoor.rules) * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (snort3-malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (snort3-malware-other.rules) * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (snort3-malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (snort3-malware-other.rules) * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (snort3-malware-other.rules) * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (snort3-pua-adware.rules) * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (snort3-malware-other.rules) * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (snort3-pua-toolbars.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (snort3-malware-other.rules) * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (snort3-malware-other.rules) * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (snort3-pua-adware.rules) * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (snort3-pua-adware.rules) * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (snort3-pua-toolbars.rules) * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (snort3-pua-adware.rules) * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (snort3-indicator-shellcode.rules) * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (snort3-netbios.rules) * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (snort3-os-windows.rules) * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (snort3-os-windows.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (snort3-file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (snort3-malware-other.rules) * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (snort3-malware-other.rules) * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (snort3-pua-adware.rules) * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (snort3-pua-toolbars.rules) * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (snort3-pua-adware.rules) * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (snort3-pua-adware.rules) * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (snort3-pua-adware.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (snort3-malware-other.rules) * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (snort3-malware-other.rules) * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (snort3-malware-backdoor.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (snort3-pua-adware.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (snort3-malware-other.rules) * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (snort3-malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (snort3-malware-other.rules) * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (snort3-malware-other.rules) * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (snort3-pua-toolbars.rules) * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (snort3-pua-adware.rules) * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (snort3-pua-adware.rules) * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (snort3-pua-adware.rules) * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (snort3-pua-adware.rules) * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (snort3-pua-toolbars.rules) * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (snort3-pua-adware.rules) * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (snort3-pua-adware.rules) * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (snort3-pua-toolbars.rules) * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (snort3-pua-adware.rules) * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (snort3-pua-adware.rules) * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (snort3-pua-adware.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (snort3-pua-adware.rules) * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (snort3-pua-adware.rules) * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (snort3-server-mysql.rules) * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (snort3-server-mysql.rules) * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (snort3-app-detect.rules) * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (snort3-app-detect.rules) * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (snort3-netbios.rules) * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (snort3-server-other.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (snort3-file-identify.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (snort3-file-office.rules) * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (snort3-file-pdf.rules) * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (snort3-file-pdf.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (snort3-malware-other.rules) * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (snort3-malware-other.rules) * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (snort3-pua-toolbars.rules) * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (snort3-pua-toolbars.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (snort3-pua-toolbars.rules) * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (snort3-pua-toolbars.rules) * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (snort3-pua-toolbars.rules) * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (snort3-pua-toolbars.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (snort3-pua-adware.rules) * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (snort3-pua-toolbars.rules) * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (snort3-pua-toolbars.rules) * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (snort3-pua-adware.rules) * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (snort3-pua-adware.rules) * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (snort3-pua-toolbars.rules) * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (snort3-pua-toolbars.rules) * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (snort3-malware-other.rules) * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (snort3-pua-toolbars.rules) * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (snort3-pua-toolbars.rules) * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (snort3-pua-toolbars.rules) * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (snort3-pua-adware.rules) * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (snort3-pua-adware.rules) * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (snort3-pua-adware.rules) * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (snort3-pua-adware.rules) * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (snort3-pua-adware.rules) * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (snort3-pua-toolbars.rules) * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (snort3-pua-adware.rules) * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (snort3-pua-adware.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (snort3-malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (snort3-file-multimedia.rules) * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (snort3-pua-adware.rules) * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (snort3-pua-adware.rules) * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (snort3-pua-adware.rules) * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (snort3-pua-toolbars.rules) * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (snort3-pua-toolbars.rules) * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (snort3-pua-adware.rules) * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (snort3-pua-adware.rules) * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (snort3-pua-adware.rules) * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (snort3-pua-adware.rules) * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (snort3-pua-adware.rules) * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (snort3-pua-adware.rules) * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (snort3-malware-other.rules) * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (snort3-malware-other.rules) * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (snort3-app-detect.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (snort3-os-windows.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (snort3-os-solaris.rules) * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (snort3-server-other.rules) * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (snort3-server-other.rules) * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (snort3-server-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (snort3-server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (snort3-server-oracle.rules) * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (snort3-server-other.rules) * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (snort3-server-other.rules) * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (snort3-pua-adware.rules) * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (snort3-pua-adware.rules) * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (snort3-pua-adware.rules) * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (snort3-pua-toolbars.rules) * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (snort3-pua-toolbars.rules) * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (snort3-pua-toolbars.rules) * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (snort3-malware-other.rules) * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (snort3-pua-toolbars.rules) * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (snort3-pua-toolbars.rules) * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (snort3-pua-toolbars.rules) * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (snort3-pua-adware.rules) * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (snort3-pua-adware.rules) * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (snort3-pua-adware.rules) * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (snort3-pua-adware.rules) * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (snort3-pua-adware.rules) * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (snort3-malware-other.rules) * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (snort3-pua-adware.rules) * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (snort3-pua-adware.rules) * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (snort3-server-other.rules) * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (snort3-server-other.rules) * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (snort3-policy-other.rules) * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (snort3-policy-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (snort3-server-oracle.rules) * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (snort3-pua-adware.rules) * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (snort3-pua-adware.rules) * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (snort3-pua-adware.rules) * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (snort3-pua-adware.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (snort3-malware-other.rules) * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (snort3-malware-other.rules) * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (snort3-pua-toolbars.rules) * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (snort3-pua-toolbars.rules) * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (snort3-pua-toolbars.rules) * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (snort3-pua-toolbars.rules) * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (snort3-pua-adware.rules) * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (snort3-pua-adware.rules) * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (snort3-malware-other.rules) * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (snort3-malware-other.rules) * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (snort3-pua-toolbars.rules) * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (snort3-pua-toolbars.rules) * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (snort3-pua-toolbars.rules) * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (snort3-indicator-obfuscation.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (snort3-file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (snort3-file-identify.rules) * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (snort3-pua-adware.rules) * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (snort3-pua-adware.rules) * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (snort3-pua-adware.rules) * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (snort3-pua-adware.rules) * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (snort3-malware-other.rules) * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (snort3-pua-adware.rules) * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (snort3-server-other.rules) * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (snort3-server-other.rules) * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (snort3-server-other.rules) * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (snort3-server-mail.rules) * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (snort3-server-mail.rules) * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (snort3-pua-adware.rules) * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (snort3-pua-adware.rules) * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (snort3-pua-adware.rules) * 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (snort3-pua-adware.rules) * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (snort3-pua-adware.rules) * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (snort3-pua-adware.rules) * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (snort3-pua-toolbars.rules) * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (snort3-pua-toolbars.rules) * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (snort3-policy-social.rules) * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (snort3-policy-social.rules) * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (snort3-policy-social.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (snort3-policy-other.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (snort3-malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (snort3-malware-other.rules) * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (snort3-pua-adware.rules) * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (snort3-pua-adware.rules) * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (snort3-pua-adware.rules) * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (snort3-pua-adware.rules) * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (snort3-pua-adware.rules) * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (snort3-pua-adware.rules) * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (snort3-pua-adware.rules) * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (snort3-pua-adware.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (snort3-app-detect.rules) * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (snort3-app-detect.rules) * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (snort3-app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (snort3-file-identify.rules) * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (snort3-server-mail.rules) * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (snort3-pua-adware.rules) * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (snort3-malware-other.rules) * 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (snort3-pua-adware.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (snort3-pua-adware.rules) * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (snort3-pua-adware.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (snort3-pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (snort3-pua-adware.rules) * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (snort3-file-office.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (snort3-os-windows.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (snort3-file-identify.rules) * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (snort3-indicator-obfuscation.rules) * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (snort3-indicator-obfuscation.rules) * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (snort3-indicator-obfuscation.rules) * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (snort3-sql.rules) * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (snort3-sql.rules) * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (snort3-sql.rules) * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (snort3-sql.rules) * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (snort3-sql.rules) * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (snort3-sql.rules) * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (snort3-sql.rules) * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (snort3-sql.rules) * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (snort3-indicator-obfuscation.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (snort3-file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (snort3-file-identify.rules) * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (snort3-file-multimedia.rules) * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (snort3-file-multimedia.rules) * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (snort3-pua-adware.rules) * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (snort3-pua-toolbars.rules) * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (snort3-pua-toolbars.rules) * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (snort3-pua-adware.rules) * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (snort3-pua-adware.rules) * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (snort3-pua-adware.rules) * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (snort3-pua-adware.rules) * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (snort3-pua-adware.rules) * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (snort3-malware-other.rules) * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (snort3-pua-adware.rules) * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (snort3-pua-adware.rules) * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (snort3-pua-adware.rules) * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (snort3-pua-adware.rules) * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (snort3-pua-adware.rules) * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (snort3-pua-adware.rules) * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (snort3-pua-adware.rules) * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (snort3-pua-adware.rules) * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (snort3-malware-other.rules) * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (snort3-malware-other.rules) * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (snort3-pua-adware.rules) * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (snort3-pua-adware.rules) * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (snort3-pua-adware.rules) * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (snort3-pua-adware.rules) * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (snort3-pua-adware.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (snort3-file-identify.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (snort3-protocol-scada.rules) * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (snort3-server-other.rules) * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (snort3-server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (snort3-server-other.rules) * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (snort3-server-other.rules) * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (snort3-protocol-dns.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (snort3-file-identify.rules) * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (snort3-protocol-scada.rules) * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (snort3-protocol-scada.rules) * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (snort3-protocol-scada.rules) * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (snort3-protocol-scada.rules) * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (snort3-protocol-scada.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (snort3-file-identify.rules) * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (snort3-file-office.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (snort3-os-windows.rules) * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (snort3-os-windows.rules) * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (snort3-os-windows.rules) * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (snort3-os-windows.rules) * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (snort3-os-windows.rules) * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (snort3-os-windows.rules) * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (snort3-os-windows.rules) * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (snort3-os-windows.rules) * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (snort3-os-windows.rules) * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (snort3-os-windows.rules) * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (snort3-os-windows.rules) * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (snort3-os-windows.rules) * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (snort3-os-windows.rules) * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (snort3-os-windows.rules) * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (snort3-os-windows.rules) * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (snort3-os-windows.rules) * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (snort3-os-windows.rules) * 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (snort3-server-mssql.rules) * 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (snort3-pua-other.rules) * 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (snort3-pua-other.rules) * 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (snort3-pua-other.rules) * 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (snort3-pua-other.rules) * 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (snort3-pua-other.rules) * 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (snort3-pua-other.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (snort3-file-identify.rules) * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (snort3-indicator-compromise.rules) * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (snort3-indicator-compromise.rules) * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (snort3-policy-social.rules) * 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (snort3-policy-social.rules) * 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (snort3-policy-social.rules) * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (snort3-policy-social.rules) * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (snort3-policy-social.rules) * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (snort3-policy-social.rules) * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (snort3-app-detect.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (snort3-file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (snort3-file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (snort3-file-identify.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (snort3-protocol-dns.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (snort3-protocol-dns.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (snort3-policy-social.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (snort3-policy-social.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (snort3-file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (snort3-netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (snort3-netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (snort3-netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (snort3-netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (snort3-netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (snort3-netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (snort3-netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (snort3-netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (snort3-file-pdf.rules) * 1:15363 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (snort3-indicator-obfuscation.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (snort3-file-identify.rules) * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (snort3-protocol-scada.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (snort3-protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (snort3-protocol-scada.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (snort3-protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (snort3-protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (snort3-protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (snort3-protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (snort3-protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (snort3-protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (snort3-protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (snort3-protocol-scada.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (snort3-protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (snort3-protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (snort3-protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (snort3-protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (snort3-protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (snort3-protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (snort3-protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (snort3-protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (snort3-protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (snort3-protocol-scada.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (snort3-protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (snort3-protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (snort3-protocol-scada.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (snort3-protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (snort3-protocol-scada.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (snort3-content-replace.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (snort3-content-replace.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (snort3-content-replace.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (snort3-policy-social.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (snort3-content-replace.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (snort3-file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (snort3-file-identify.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (snort3-content-replace.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (snort3-server-other.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (snort3-content-replace.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (snort3-content-replace.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (snort3-content-replace.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (snort3-content-replace.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (snort3-server-mysql.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (snort3-file-identify.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (snort3-netbios.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (snort3-server-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules) * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (snort3-file-executable.rules) * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (snort3-os-windows.rules) * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (snort3-pua-adware.rules) * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (snort3-file-multimedia.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (snort3-file-multimedia.rules) * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (snort3-file-office.rules) * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (snort3-file-office.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (snort3-os-windows.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (snort3-os-windows.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (snort3-file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (snort3-file-identify.rules) * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (snort3-server-other.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (snort3-os-windows.rules) * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (snort3-policy-social.rules) * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (snort3-policy-social.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (snort3-file-pdf.rules) * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (snort3-pua-adware.rules) * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (snort3-pua-adware.rules) * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (snort3-policy-social.rules) * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (snort3-policy-social.rules) * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (snort3-content-replace.rules) * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (snort3-server-other.rules) * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (snort3-server-mail.rules) * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (snort3-policy-social.rules) * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (snort3-policy-social.rules) * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (snort3-malware-tools.rules) * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (snort3-server-other.rules) * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (snort3-server-samba.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (snort3-file-identify.rules) * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (snort3-file-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (snort3-file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (snort3-file-identify.rules) * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (snort3-os-windows.rules) * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (snort3-server-other.rules) * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (snort3-browser-firefox.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (snort3-os-windows.rules) * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (snort3-protocol-scada.rules) * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (snort3-protocol-scada.rules) * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (snort3-protocol-scada.rules) * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (snort3-protocol-scada.rules) * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (snort3-protocol-scada.rules) * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (snort3-protocol-scada.rules) * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (snort3-protocol-scada.rules) * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (snort3-file-pdf.rules) * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (snort3-file-flash.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (snort3-file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (snort3-file-identify.rules) * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (snort3-browser-firefox.rules) * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (snort3-server-other.rules) * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (snort3-server-other.rules) * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (snort3-server-other.rules) * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (snort3-server-other.rules) * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (snort3-server-other.rules) * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (snort3-server-other.rules) * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (snort3-server-other.rules) * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (snort3-server-other.rules) * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (snort3-server-other.rules) * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (snort3-server-other.rules) * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (snort3-server-other.rules) * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (snort3-file-other.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (snort3-file-identify.rules) * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (snort3-indicator-shellcode.rules) * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (snort3-os-windows.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (snort3-file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (snort3-file-identify.rules) * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (snort3-protocol-ftp.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (snort3-protocol-dns.rules) * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (snort3-protocol-dns.rules) * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (snort3-server-mail.rules) * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (snort3-server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (snort3-server-other.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (snort3-file-identify.rules) * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (snort3-os-linux.rules) * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (snort3-server-mail.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (snort3-os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (snort3-file-other.rules) * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (snort3-server-other.rules) * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (snort3-server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (snort3-server-other.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (snort3-server-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (snort3-server-other.rules) * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (snort3-server-other.rules) * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (snort3-server-apache.rules) * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (snort3-file-other.rules) * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (snort3-server-samba.rules) * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (snort3-server-samba.rules) * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (snort3-os-windows.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (snort3-server-samba.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (snort3-file-identify.rules) * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (snort3-os-windows.rules) * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (snort3-server-other.rules) * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (snort3-os-windows.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (snort3-server-other.rules) * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (snort3-server-mail.rules) * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (snort3-browser-firefox.rules) * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (snort3-server-other.rules) * 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (snort3-browser-firefox.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (snort3-file-office.rules) * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (snort3-file-other.rules) * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (snort3-server-mail.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (snort3-file-identify.rules) * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (snort3-file-other.rules) * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (snort3-server-other.rules) * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (snort3-server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (snort3-server-other.rules) * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (snort3-malware-backdoor.rules) * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (snort3-pua-toolbars.rules) * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (snort3-pua-toolbars.rules) * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (snort3-malware-other.rules) * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (snort3-malware-other.rules) * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (snort3-pua-adware.rules) * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (snort3-pua-adware.rules) * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (snort3-pua-toolbars.rules) * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (snort3-pua-adware.rules) * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (snort3-pua-adware.rules) * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (snort3-pua-adware.rules) * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (snort3-malware-other.rules) * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (snort3-pua-adware.rules) * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (snort3-pua-adware.rules) * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (snort3-malware-other.rules) * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (snort3-malware-other.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (snort3-malware-other.rules) * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (snort3-malware-other.rules) * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (snort3-malware-other.rules) * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (snort3-pua-adware.rules) * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (snort3-pua-adware.rules) * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (snort3-pua-adware.rules) * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (snort3-malware-other.rules) * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (snort3-malware-tools.rules) * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (snort3-server-other.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (snort3-file-identify.rules) * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (snort3-file-image.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (snort3-file-executable.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (snort3-file-multimedia.rules) * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (snort3-os-windows.rules) * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (snort3-os-windows.rules) * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (snort3-os-windows.rules) * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (snort3-os-windows.rules) * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (snort3-file-pdf.rules) * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (snort3-file-pdf.rules) * 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (snort3-file-pdf.rules) * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (snort3-file-pdf.rules) * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (snort3-file-office.rules) * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (snort3-file-office.rules) * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (snort3-file-executable.rules) * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (snort3-os-windows.rules) * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (snort3-file-executable.rules) * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (snort3-file-executable.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (snort3-os-windows.rules) * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (snort3-file-image.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (snort3-file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (snort3-file-identify.rules) * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (snort3-file-other.rules) * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (snort3-file-other.rules) * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (snort3-file-multimedia.rules) * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (snort3-file-other.rules) * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (snort3-file-office.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (snort3-server-other.rules) * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (snort3-file-office.rules) * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (snort3-file-office.rules) * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (snort3-file-office.rules) * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (snort3-file-office.rules) * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (snort3-file-office.rules) * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (snort3-file-office.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (snort3-server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules) * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (snort3-file-office.rules) * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (snort3-file-office.rules) * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (snort3-pua-adware.rules) * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (snort3-pua-adware.rules) * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (snort3-pua-adware.rules) * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (snort3-pua-adware.rules) * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (snort3-pua-adware.rules) * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (snort3-pua-adware.rules) * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (snort3-pua-adware.rules) * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (snort3-pua-adware.rules) * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (snort3-pua-adware.rules) * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (snort3-pua-adware.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (snort3-pua-adware.rules) * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (snort3-pua-adware.rules) * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (snort3-pua-adware.rules) * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (snort3-pua-adware.rules) * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (snort3-pua-adware.rules) * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (snort3-pua-adware.rules) * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (snort3-pua-adware.rules) * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (snort3-pua-adware.rules) * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (snort3-pua-adware.rules) * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (snort3-pua-adware.rules) * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (snort3-pua-adware.rules) * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (snort3-pua-adware.rules) * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (snort3-pua-adware.rules) * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (snort3-pua-adware.rules) * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (snort3-pua-adware.rules) * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (snort3-pua-adware.rules) * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (snort3-pua-adware.rules) * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (snort3-pua-adware.rules) * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (snort3-pua-adware.rules) * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (snort3-pua-p2p.rules) * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (snort3-pua-p2p.rules) * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (snort3-protocol-rpc.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (snort3-file-identify.rules) * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (snort3-os-windows.rules) * 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (snort3-server-oracle.rules) * 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (snort3-file-other.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (snort3-os-windows.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (snort3-server-oracle.rules) * 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (snort3-server-iis.rules) * 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (snort3-file-executable.rules) * 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (snort3-file-office.rules) * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (snort3-file-flash.rules) * 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (snort3-file-flash.rules) * 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (snort3-file-image.rules) * 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (snort3-file-image.rules) * 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (snort3-file-pdf.rules) * 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (snort3-file-pdf.rules) * 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (snort3-file-pdf.rules) * 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (snort3-file-pdf.rules) * 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (snort3-os-windows.rules) * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (snort3-file-office.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (snort3-server-other.rules) * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (snort3-file-pdf.rules) * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (snort3-file-pdf.rules) * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (snort3-file-flash.rules) * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (snort3-file-other.rules) * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (snort3-file-other.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules) * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (snort3-server-mysql.rules) * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (snort3-server-mysql.rules) * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (snort3-server-other.rules) * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (snort3-file-pdf.rules) * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (snort3-file-pdf.rules) * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (snort3-server-iis.rules) * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (snort3-protocol-ftp.rules) * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (snort3-file-office.rules) * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (snort3-file-executable.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (snort3-pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (snort3-os-windows.rules) * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (snort3-server-other.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (snort3-netbios.rules) * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (snort3-server-mysql.rules) * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (snort3-file-pdf.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (snort3-file-office.rules) * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (snort3-file-identify.rules) * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (snort3-file-identify.rules) * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (snort3-server-other.rules) * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (snort3-policy-social.rules) * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (snort3-os-windows.rules) * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (snort3-malware-other.rules) * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (snort3-pua-adware.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (snort3-file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (snort3-file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (snort3-file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (snort3-file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (snort3-file-identify.rules) * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (snort3-server-apache.rules) * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (snort3-server-apache.rules) * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (snort3-malware-backdoor.rules) * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (snort3-malware-backdoor.rules) * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (snort3-malware-backdoor.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (snort3-pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (snort3-pua-adware.rules) * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (snort3-sql.rules) * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (snort3-policy-social.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (snort3-file-office.rules) * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (snort3-file-office.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (snort3-netbios.rules) * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (snort3-os-windows.rules) * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (snort3-file-pdf.rules) * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (snort3-file-other.rules) * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (snort3-file-identify.rules) * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (snort3-file-office.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (snort3-file-other.rules) * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (snort3-file-other.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (snort3-file-image.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (snort3-file-image.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (snort3-file-image.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (snort3-os-windows.rules) * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (snort3-pua-other.rules) * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (snort3-file-other.rules) * 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (snort3-file-office.rules) * 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (snort3-browser-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (snort3-protocol-pop.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (snort3-server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (snort3-file-other.rules) * 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (snort3-server-apache.rules) * 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (snort3-browser-firefox.rules) * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (snort3-indicator-compromise.rules) * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (snort3-indicator-compromise.rules) * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (snort3-indicator-compromise.rules) * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (snort3-indicator-compromise.rules) * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (snort3-indicator-compromise.rules) * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (snort3-indicator-compromise.rules) * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (snort3-indicator-compromise.rules) * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (snort3-indicator-compromise.rules) * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (snort3-indicator-compromise.rules) * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (snort3-indicator-compromise.rules) * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (snort3-indicator-compromise.rules) * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (snort3-indicator-compromise.rules) * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (snort3-indicator-compromise.rules) * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (snort3-indicator-compromise.rules) * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (snort3-indicator-compromise.rules) * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (snort3-indicator-compromise.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (snort3-file-identify.rules) * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (snort3-file-office.rules) * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (snort3-app-detect.rules) * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (snort3-server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (snort3-server-other.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (snort3-file-identify.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (snort3-file-other.rules) * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (snort3-protocol-ftp.rules) * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (snort3-protocol-ftp.rules) * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (snort3-server-mysql.rules) * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (snort3-server-mysql.rules) * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (snort3-pua-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (snort3-file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (snort3-file-other.rules) * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (snort3-file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (snort3-file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (snort3-file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (snort3-file-other.rules) * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (snort3-file-other.rules) * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (snort3-file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (snort3-file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (snort3-file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (snort3-file-multimedia.rules) * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (snort3-file-multimedia.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (snort3-file-identify.rules) * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (snort3-file-other.rules) * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (snort3-file-multimedia.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (snort3-file-other.rules) * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (snort3-browser-chrome.rules) * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (snort3-server-mail.rules) * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (snort3-file-pdf.rules) * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (snort3-policy-spam.rules) * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (snort3-policy-spam.rules) * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (snort3-policy-spam.rules) * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (snort3-policy-spam.rules) * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (snort3-policy-spam.rules) * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (snort3-policy-spam.rules) * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (snort3-policy-spam.rules) * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (snort3-policy-spam.rules) * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (snort3-policy-spam.rules) * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (snort3-policy-spam.rules) * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (snort3-policy-spam.rules) * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (snort3-policy-spam.rules) * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (snort3-policy-spam.rules) * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (snort3-policy-spam.rules) * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (snort3-policy-spam.rules) * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (snort3-policy-spam.rules) * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (snort3-policy-spam.rules) * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (snort3-policy-spam.rules) * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (snort3-policy-spam.rules) * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (snort3-policy-spam.rules) * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (snort3-policy-spam.rules) * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (snort3-policy-spam.rules) * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (snort3-policy-spam.rules) * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (snort3-policy-spam.rules) * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (snort3-policy-spam.rules) * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (snort3-policy-spam.rules) * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (snort3-policy-spam.rules) * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (snort3-policy-spam.rules) * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (snort3-policy-spam.rules) * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (snort3-policy-spam.rules) * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (snort3-policy-spam.rules) * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (snort3-policy-spam.rules) * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (snort3-policy-spam.rules) * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (snort3-policy-spam.rules) * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (snort3-policy-spam.rules) * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (snort3-policy-spam.rules) * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (snort3-policy-spam.rules) * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (snort3-policy-spam.rules) * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (snort3-policy-spam.rules) * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (snort3-policy-spam.rules) * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (snort3-policy-spam.rules) * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (snort3-policy-spam.rules) * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (snort3-policy-spam.rules) * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (snort3-policy-spam.rules) * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (snort3-policy-spam.rules) * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (snort3-policy-spam.rules) * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (snort3-policy-spam.rules) * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (snort3-policy-spam.rules) * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (snort3-policy-spam.rules) * 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (snort3-policy-spam.rules) * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (snort3-policy-spam.rules) * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (snort3-policy-spam.rules) * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (snort3-policy-spam.rules) * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (snort3-policy-spam.rules) * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (snort3-policy-spam.rules) * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (snort3-policy-spam.rules) * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (snort3-policy-spam.rules) * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (snort3-policy-spam.rules) * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (snort3-policy-spam.rules) * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (snort3-policy-spam.rules) * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (snort3-policy-spam.rules) * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (snort3-policy-spam.rules) * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (snort3-policy-spam.rules) * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (snort3-policy-spam.rules) * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (snort3-policy-spam.rules) * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (snort3-policy-spam.rules) * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (snort3-policy-spam.rules) * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (snort3-policy-spam.rules) * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (snort3-policy-spam.rules) * 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (snort3-policy-spam.rules) * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (snort3-policy-spam.rules) * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (snort3-policy-spam.rules) * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (snort3-policy-spam.rules) * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (snort3-policy-spam.rules) * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (snort3-policy-spam.rules) * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (snort3-policy-spam.rules) * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (snort3-policy-spam.rules) * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (snort3-policy-spam.rules) * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (snort3-policy-spam.rules) * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (snort3-policy-spam.rules) * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (snort3-policy-spam.rules) * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (snort3-policy-spam.rules) * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (snort3-policy-spam.rules) * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (snort3-policy-spam.rules) * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (snort3-policy-spam.rules) * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (snort3-policy-spam.rules) * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (snort3-policy-spam.rules) * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known spam email attempt (snort3-policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (snort3-policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (snort3-policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (snort3-policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (snort3-policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (snort3-policy-spam.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (snort3-policy-spam.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (snort3-policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (snort3-policy-spam.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (snort3-policy-spam.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (snort3-server-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (snort3-sql.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (snort3-protocol-ftp.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (snort3-file-other.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (snort3-file-other.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (snort3-server-oracle.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (snort3-app-detect.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (snort3-os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (snort3-file-identify.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (snort3-file-executable.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (snort3-os-windows.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (snort3-os-windows.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid data precision arbitrary code execution exploit attempt (snort3-file-flash.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (snort3-file-flash.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (snort3-netbios.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (snort3-file-other.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (snort3-file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (snort3-file-other.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (snort3-file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (snort3-file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (snort3-file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (snort3-file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (snort3-file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (snort3-file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (snort3-file-other.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (snort3-file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (snort3-file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (snort3-file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (snort3-file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (snort3-file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (snort3-file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (snort3-file-other.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (snort3-file-other.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (snort3-file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (snort3-file-other.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (snort3-file-other.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (snort3-browser-webkit.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (snort3-browser-webkit.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (snort3-browser-webkit.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (snort3-file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (snort3-file-identify.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (snort3-server-mail.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (snort3-file-identify.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (snort3-os-windows.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (snort3-file-flash.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (snort3-file-identify.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (snort3-file-other.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (snort3-file-other.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (snort3-file-other.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (snort3-file-identify.rules) * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (snort3-file-office.rules) * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (snort3-file-office.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (snort3-server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (snort3-server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (snort3-file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (snort3-file-identify.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (snort3-file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (snort3-file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (snort3-server-other.rules) * 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (snort3-server-oracle.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (snort3-server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (snort3-file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (snort3-file-identify.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (snort3-server-other.rules) * 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (snort3-server-mail.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (snort3-server-other.rules) * 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (snort3-file-office.rules) * 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (snort3-file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (snort3-file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (snort3-file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (snort3-file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (snort3-file-identify.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (snort3-os-windows.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (snort3-file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (snort3-file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (snort3-file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (snort3-file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (snort3-netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (snort3-file-identify.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (snort3-file-office.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (snort3-file-office.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (snort3-file-office.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (snort3-file-multimedia.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (snort3-file-java.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (snort3-protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (snort3-protocol-scada.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (snort3-protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (snort3-protocol-scada.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (snort3-protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (snort3-protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (snort3-protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (snort3-protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (snort3-protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (snort3-protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (snort3-protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (snort3-protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (snort3-protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (snort3-protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (snort3-protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (snort3-protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (snort3-protocol-scada.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (snort3-protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (snort3-protocol-scada.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (snort3-file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (snort3-file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (snort3-file-identify.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (snort3-indicator-compromise.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (snort3-indicator-compromise.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (snort3-indicator-compromise.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (snort3-indicator-compromise.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (snort3-server-other.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (snort3-policy-spam.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (snort3-policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (snort3-policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (snort3-policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (snort3-policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (snort3-policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (snort3-policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (snort3-policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM chula.pharmroyce83b.ru known spam email attempt (snort3-policy-spam.rules) * 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (snort3-policy-spam.rules) * 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (snort3-policy-spam.rules) * 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (snort3-policy-spam.rules) * 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (snort3-policy-spam.rules) * 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (snort3-policy-spam.rules) * 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (snort3-policy-spam.rules) * 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (snort3-policy-spam.rules) * 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (snort3-policy-spam.rules) * 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (snort3-policy-spam.rules) * 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (snort3-policy-spam.rules) * 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (snort3-policy-spam.rules) * 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (snort3-policy-spam.rules) * 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (snort3-policy-spam.rules) * 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (snort3-policy-spam.rules) * 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (snort3-policy-spam.rules) * 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (snort3-policy-spam.rules) * 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (snort3-policy-spam.rules) * 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (snort3-policy-spam.rules) * 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (snort3-policy-spam.rules) * 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (snort3-policy-spam.rules) * 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (snort3-policy-spam.rules) * 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (snort3-policy-spam.rules) * 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (snort3-policy-spam.rules) * 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (snort3-policy-spam.rules) * 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (snort3-policy-spam.rules) * 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (snort3-policy-spam.rules) * 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (snort3-policy-spam.rules) * 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (snort3-policy-spam.rules) * 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (snort3-policy-spam.rules) * 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (snort3-policy-spam.rules) * 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (snort3-policy-spam.rules) * 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (snort3-policy-spam.rules) * 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (snort3-policy-spam.rules) * 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (snort3-policy-spam.rules) * 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (snort3-policy-spam.rules) * 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (snort3-policy-spam.rules) * 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (snort3-policy-spam.rules) * 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (snort3-policy-spam.rules) * 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (snort3-policy-spam.rules) * 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (snort3-policy-spam.rules) * 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (snort3-policy-spam.rules) * 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (snort3-policy-spam.rules) * 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (snort3-policy-spam.rules) * 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (snort3-policy-spam.rules) * 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (snort3-policy-spam.rules) * 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (snort3-policy-spam.rules) * 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (snort3-policy-spam.rules) * 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (snort3-policy-spam.rules) * 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (snort3-policy-spam.rules) * 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (snort3-policy-spam.rules) * 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (snort3-policy-spam.rules) * 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (snort3-policy-spam.rules) * 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (snort3-policy-spam.rules) * 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (snort3-policy-spam.rules) * 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (snort3-policy-spam.rules) * 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (snort3-policy-spam.rules) * 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (snort3-policy-spam.rules) * 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (snort3-policy-spam.rules) * 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (snort3-policy-spam.rules) * 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (snort3-policy-spam.rules) * 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (snort3-policy-spam.rules) * 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (snort3-policy-spam.rules) * 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (snort3-policy-spam.rules) * 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (snort3-policy-spam.rules) * 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (snort3-policy-spam.rules) * 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (snort3-policy-spam.rules) * 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (snort3-policy-spam.rules) * 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (snort3-policy-spam.rules) * 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (snort3-policy-spam.rules) * 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (snort3-policy-spam.rules) * 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (snort3-policy-spam.rules) * 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (snort3-policy-spam.rules) * 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (snort3-policy-spam.rules) * 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (snort3-policy-spam.rules) * 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (snort3-policy-spam.rules) * 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (snort3-policy-spam.rules) * 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (snort3-policy-spam.rules) * 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (snort3-policy-spam.rules) * 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (snort3-policy-spam.rules) * 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (snort3-policy-spam.rules) * 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (snort3-policy-spam.rules) * 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (snort3-policy-spam.rules) * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (snort3-file-office.rules) * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (snort3-file-office.rules) * 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (snort3-os-windows.rules) * 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (snort3-os-windows.rules) * 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (snort3-os-windows.rules) * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (snort3-browser-firefox.rules) * 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (snort3-browser-firefox.rules) * 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (snort3-server-apache.rules) * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (snort3-indicator-obfuscation.rules) * 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (snort3-browser-firefox.rules) * 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (snort3-browser-firefox.rules) * 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (snort3-browser-firefox.rules) * 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (snort3-browser-firefox.rules) * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (snort3-indicator-scan.rules) * 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (snort3-file-flash.rules) * 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (snort3-protocol-ftp.rules) * 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (snort3-protocol-ftp.rules) * 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (snort3-browser-firefox.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (snort3-browser-firefox.rules) * 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (snort3-browser-firefox.rules) * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (snort3-os-windows.rules) * 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (snort3-os-windows.rules) * 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (snort3-os-windows.rules) * 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (snort3-os-windows.rules) * 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (snort3-os-windows.rules) * 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (snort3-file-office.rules) * 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (snort3-file-office.rules) * 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (snort3-os-windows.rules) * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (snort3-os-windows.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (snort3-file-image.rules) * 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (snort3-file-office.rules) * 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (snort3-file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (snort3-file-identify.rules) * 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (snort3-file-office.rules) * 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (snort3-os-windows.rules) * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (snort3-protocol-icmp.rules) * 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (snort3-browser-firefox.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (snort3-browser-firefox.rules) * 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (snort3-browser-firefox.rules) * 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (snort3-browser-firefox.rules) * 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (snort3-os-windows.rules) * 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (snort3-os-windows.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (snort3-file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (snort3-file-identify.rules) * 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (snort3-file-other.rules) * 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (snort3-browser-firefox.rules) * 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (snort3-browser-firefox.rules) * 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (snort3-browser-firefox.rules) * 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (snort3-browser-firefox.rules) * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (snort3-server-other.rules) * 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (snort3-os-windows.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (snort3-os-windows.rules) * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (snort3-protocol-ftp.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (snort3-protocol-scada.rules) * 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (snort3-browser-firefox.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (snort3-os-windows.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (snort3-server-other.rules) * 1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (snort3-os-windows.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (snort3-os-windows.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (snort3-file-other.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (snort3-file-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (snort3-os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (snort3-os-windows.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (snort3-os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (snort3-os-windows.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (snort3-os-windows.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (snort3-os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (snort3-os-windows.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (snort3-file-office.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (snort3-file-flash.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (snort3-file-pdf.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (snort3-file-flash.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (snort3-file-flash.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (snort3-file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (snort3-file-pdf.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (snort3-file-pdf.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (snort3-file-pdf.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (snort3-file-pdf.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (snort3-file-pdf.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (snort3-file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (snort3-file-flash.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (snort3-file-flash.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (snort3-file-flash.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (snort3-file-flash.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (snort3-file-other.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (snort3-file-other.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (snort3-file-pdf.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (snort3-file-pdf.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (snort3-os-windows.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (snort3-protocol-icmp.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (snort3-protocol-icmp.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (snort3-server-mail.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (snort3-browser-firefox.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (snort3-browser-firefox.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (snort3-file-other.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (snort3-indicator-obfuscation.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (snort3-os-windows.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (snort3-file-flash.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (snort3-file-flash.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (snort3-file-flash.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (snort3-file-flash.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (snort3-browser-webkit.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (snort3-server-other.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (snort3-file-identify.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (snort3-file-office.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (snort3-indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (snort3-indicator-compromise.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (snort3-indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (snort3-indicator-compromise.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (snort3-indicator-compromise.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (snort3-indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (snort3-indicator-compromise.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (snort3-indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (snort3-indicator-compromise.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (snort3-indicator-compromise.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (snort3-protocol-ftp.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (snort3-file-identify.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (snort3-server-other.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (snort3-malware-other.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (snort3-protocol-scada.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (snort3-protocol-scada.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (snort3-protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (snort3-app-detect.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (snort3-app-detect.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (snort3-protocol-scada.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (snort3-protocol-scada.rules) * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (snort3-server-other.rules) * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (snort3-os-windows.rules) * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (snort3-file-office.rules) * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (snort3-file-office.rules) * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (snort3-file-office.rules) * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (snort3-file-office.rules) * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (snort3-file-office.rules) * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (snort3-file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (snort3-file-office.rules) * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (snort3-file-other.rules) * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (snort3-file-image.rules) * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (snort3-protocol-scada.rules) * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (snort3-protocol-scada.rules) * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (snort3-os-windows.rules) * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (snort3-os-windows.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (snort3-file-identify.rules) * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (snort3-file-pdf.rules) * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (snort3-file-office.rules) * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (snort3-os-windows.rules) * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (snort3-protocol-scada.rules) * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (snort3-protocol-scada.rules) * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (snort3-protocol-scada.rules) * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (snort3-protocol-scada.rules) * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (snort3-protocol-scada.rules) * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (snort3-protocol-scada.rules) * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (snort3-protocol-scada.rules) * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (snort3-protocol-scada.rules) * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (snort3-protocol-scada.rules) * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (snort3-protocol-scada.rules) * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (snort3-file-multimedia.rules) * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (snort3-protocol-scada.rules) * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (snort3-protocol-scada.rules) * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (snort3-protocol-scada.rules) * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (snort3-protocol-scada.rules) * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (snort3-protocol-scada.rules) * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (snort3-protocol-scada.rules) * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (snort3-file-identify.rules) * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (snort3-server-other.rules) * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (snort3-server-mail.rules) * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (snort3-protocol-scada.rules) * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (snort3-protocol-scada.rules) * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (snort3-protocol-scada.rules) * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (snort3-protocol-scada.rules) * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (snort3-protocol-scada.rules) * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (snort3-protocol-scada.rules) * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (snort3-protocol-scada.rules) * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (snort3-protocol-scada.rules) * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (snort3-protocol-scada.rules) * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (snort3-file-flash.rules) * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (snort3-file-identify.rules) * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (snort3-server-apache.rules) * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (snort3-server-other.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (snort3-os-windows.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (snort3-file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (snort3-file-flash.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (snort3-file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (snort3-file-flash.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (snort3-file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (snort3-file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ActionIf integer overflow attempt (snort3-file-flash.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (snort3-file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (snort3-file-flash.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (snort3-os-windows.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (snort3-protocol-tftp.rules) * 1:19015 <-> DISABLED <-> POLICY-SPAM visiopharm-3d.eu known spam email attempt (snort3-policy-spam.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (snort3-indicator-compromise.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (snort3-pua-adware.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (snort3-pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (snort3-pua-adware.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (snort3-pua-adware.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (snort3-pua-adware.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (snort3-pua-adware.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (snort3-file-office.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (snort3-indicator-obfuscation.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (snort3-malware-other.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (snort3-policy-spam.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (snort3-protocol-dns.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (snort3-file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (snort3-file-identify.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (snort3-malware-backdoor.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (snort3-file-identify.rules) * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (snort3-file-flash.rules) * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (snort3-file-flash.rules) * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (snort3-os-windows.rules) * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-os-windows.rules) * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (snort3-os-windows.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (snort3-netbios.rules) * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (snort3-os-windows.rules) * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (snort3-os-windows.rules) * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (snort3-file-office.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (snort3-file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (snort3-file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (snort3-file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (snort3-file-identify.rules) * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (snort3-file-office.rules) * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (snort3-file-office.rules) * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (snort3-file-office.rules) * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (snort3-file-office.rules) * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (snort3-file-identify.rules) * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (snort3-os-windows.rules) * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (snort3-file-image.rules) * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (snort3-file-pdf.rules) * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (snort3-file-flash.rules) * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (snort3-file-pdf.rules) * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (snort3-file-pdf.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (snort3-file-identify.rules) * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (snort3-file-pdf.rules) * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (snort3-file-pdf.rules) * 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (snort3-file-pdf.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (snort3-file-flash.rules) * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (snort3-file-office.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (snort3-file-identify.rules) * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (snort3-server-other.rules) * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (snort3-server-other.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (snort3-server-other.rules) * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (snort3-file-other.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (snort3-protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (snort3-protocol-voip.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (snort3-pua-adware.rules) * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (snort3-pua-adware.rules) * 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (snort3-malware-other.rules) * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (snort3-malware-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (snort3-malware-other.rules) * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (snort3-malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (snort3-pua-adware.rules) * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (snort3-pua-adware.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (snort3-protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (snort3-protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (snort3-protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (snort3-protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (snort3-protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (snort3-protocol-voip.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (snort3-malware-backdoor.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (snort3-malware-other.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (snort3-protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (snort3-protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (snort3-protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (snort3-protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (snort3-protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (snort3-protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (snort3-protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (snort3-protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (snort3-protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (snort3-protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (snort3-protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (snort3-protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (snort3-protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (snort3-protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (snort3-protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (snort3-protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (snort3-protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (snort3-protocol-voip.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (snort3-pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (snort3-malware-other.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (snort3-malware-other.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (snort3-protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (snort3-protocol-voip.rules) * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (snort3-os-mobile.rules) * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (snort3-os-mobile.rules) * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (snort3-os-mobile.rules) * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (snort3-os-mobile.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (snort3-file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (snort3-file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (snort3-file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (snort3-file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (snort3-file-identify.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (snort3-pua-adware.rules) * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (snort3-os-windows.rules) * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (snort3-os-windows.rules) * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (snort3-os-windows.rules) * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (snort3-os-windows.rules) * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (snort3-os-windows.rules) * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (snort3-os-windows.rules) * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (snort3-file-office.rules) * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (snort3-os-windows.rules) * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (snort3-os-windows.rules) * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (snort3-os-windows.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (snort3-policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (snort3-policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (snort3-policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (snort3-policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (snort3-policy-other.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (snort3-pua-adware.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (snort3-malware-other.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (snort3-pua-adware.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (snort3-pua-adware.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (snort3-pua-adware.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (snort3-pua-adware.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (snort3-pua-adware.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (snort3-pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (snort3-malware-other.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (snort3-pua-adware.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (snort3-server-other.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (snort3-server-other.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (snort3-file-java.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (snort3-file-java.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (snort3-server-oracle.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (snort3-file-office.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (snort3-file-office.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (snort3-server-other.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (snort3-file-other.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (snort3-file-other.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (snort3-server-other.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (snort3-os-windows.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (snort3-policy-other.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (snort3-file-office.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (snort3-server-other.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (snort3-file-executable.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (snort3-file-executable.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (snort3-os-windows.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (snort3-file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption attempt (snort3-file-other.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (snort3-file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (snort3-file-flash.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (snort3-file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (snort3-file-flash.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (snort3-file-flash.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (snort3-file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (snort3-file-flash.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (snort3-server-apache.rules) * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (snort3-pua-adware.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (snort3-policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (snort3-policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (snort3-policy-other.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (snort3-malware-other.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (snort3-malware-backdoor.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (snort3-pua-adware.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (snort3-pua-adware.rules) * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (snort3-indicator-scan.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (snort3-policy-other.rules) * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (snort3-browser-webkit.rules) * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (snort3-browser-webkit.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (snort3-netbios.rules) * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (snort3-netbios.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (snort3-pua-adware.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (snort3-pua-adware.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (snort3-pua-adware.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (snort3-pua-adware.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (snort3-pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (snort3-pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (snort3-pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (snort3-pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (snort3-pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (snort3-pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (snort3-pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (snort3-pua-adware.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (snort3-pua-adware.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (snort3-pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (snort3-pua-adware.rules) * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (snort3-indicator-obfuscation.rules) * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (snort3-malware-tools.rules) * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (snort3-malware-tools.rules) * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (snort3-file-multimedia.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (snort3-pua-adware.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (snort3-pua-toolbars.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (snort3-malware-other.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (snort3-malware-other.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (snort3-malware-other.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (snort3-pua-adware.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (snort3-pua-adware.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (snort3-pua-adware.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (snort3-pua-toolbars.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (snort3-file-identify.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (snort3-indicator-scan.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (snort3-pua-adware.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (snort3-pua-adware.rules) * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (snort3-pua-adware.rules) * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (snort3-pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (snort3-pua-adware.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (snort3-pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (snort3-pua-adware.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (snort3-pua-adware.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (snort3-pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (snort3-pua-adware.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- snort3-policy-other.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (snort3-pua-adware.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (snort3-pua-adware.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (snort3-file-identify.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (snort3-pua-adware.rules) * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (snort3-sql.rules) * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (snort3-sql.rules) * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (snort3-sql.rules) * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (snort3-server-other.rules) * 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (snort3-file-office.rules) * 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (snort3-file-flash.rules) * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (snort3-server-other.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (snort3-protocol-scada.rules) * 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (snort3-server-mysql.rules) * 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (snort3-server-other.rules) * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (snort3-file-java.rules) * 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (snort3-server-other.rules) * 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (snort3-file-image.rules) * 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (snort3-server-other.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (snort3-pua-adware.rules) * 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (snort3-server-other.rules) * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (snort3-indicator-compromise.rules) * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (snort3-indicator-compromise.rules) * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (snort3-indicator-compromise.rules) * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (snort3-indicator-compromise.rules) * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (snort3-indicator-compromise.rules) * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (snort3-indicator-compromise.rules) * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (snort3-indicator-compromise.rules) * 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (snort3-pua-adware.rules) * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (snort3-pua-adware.rules) * 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (snort3-pua-adware.rules) * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (snort3-pua-adware.rules) * 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (snort3-os-windows.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (snort3-file-office.rules) * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (snort3-file-office.rules) * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (snort3-file-office.rules) * 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (snort3-file-office.rules) * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (snort3-os-windows.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (snort3-policy-other.rules) * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (snort3-server-other.rules) * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (snort3-file-pdf.rules) * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (snort3-pua-adware.rules) * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (snort3-file-pdf.rules) * 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (snort3-file-pdf.rules) * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (snort3-file-pdf.rules) * 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (snort3-file-pdf.rules) * 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (snort3-file-pdf.rules) * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (snort3-file-pdf.rules) * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (snort3-file-pdf.rules) * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (snort3-file-pdf.rules) * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (snort3-file-pdf.rules) * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (snort3-file-pdf.rules) * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (snort3-file-pdf.rules) * 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (snort3-server-oracle.rules) * 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (snort3-file-pdf.rules) * 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (snort3-file-pdf.rules) * 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (snort3-file-pdf.rules) * 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (snort3-file-pdf.rules) * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (snort3-file-identify.rules) * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (snort3-protocol-scada.rules) * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (snort3-protocol-scada.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (snort3-protocol-scada.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (snort3-protocol-scada.rules) * 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (snort3-file-flash.rules) * 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (snort3-file-flash.rules) * 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt (snort3-file-flash.rules) * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (snort3-indicator-shellcode.rules) * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (snort3-indicator-shellcode.rules) * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (snort3-file-flash.rules) * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (snort3-protocol-scada.rules) * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (snort3-protocol-scada.rules) * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (snort3-protocol-scada.rules) * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (snort3-file-flash.rules) * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (snort3-server-other.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (snort3-pua-adware.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (snort3-file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (snort3-file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (snort3-file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (snort3-file-other.rules) * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (snort3-file-multimedia.rules) * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (snort3-file-multimedia.rules) * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (snort3-server-other.rules) * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (snort3-file-java.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (snort3-protocol-dns.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (snort3-policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (snort3-policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (snort3-policy-other.rules) * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (snort3-protocol-rpc.rules) * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (snort3-server-other.rules) * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (snort3-server-other.rules) * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (snort3-os-windows.rules) * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (snort3-os-windows.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (snort3-file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (snort3-file-identify.rules) * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (snort3-file-executable.rules) * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (snort3-os-windows.rules) * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (snort3-os-windows.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (snort3-netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (snort3-file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (snort3-file-identify.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (snort3-protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (snort3-protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (snort3-protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (snort3-protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (snort3-protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (snort3-protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (snort3-protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (snort3-protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (snort3-protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (snort3-protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (snort3-protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (snort3-protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (snort3-protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (snort3-protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (snort3-protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (snort3-protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (snort3-protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (snort3-protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (snort3-protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (snort3-protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (snort3-protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (snort3-protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (snort3-protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (snort3-protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (snort3-protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (snort3-protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (snort3-protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (snort3-protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (snort3-protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (snort3-protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (snort3-protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (snort3-protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (snort3-protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (snort3-protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (snort3-protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (snort3-protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (snort3-protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (snort3-protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (snort3-protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (snort3-protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (snort3-protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (snort3-protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (snort3-protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (snort3-protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (snort3-protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (snort3-protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (snort3-protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (snort3-protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (snort3-protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (snort3-protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (snort3-protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (snort3-protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (snort3-protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (snort3-protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (snort3-protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (snort3-protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (snort3-protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (snort3-protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (snort3-protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (snort3-protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (snort3-protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (snort3-protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (snort3-protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (snort3-protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (snort3-protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (snort3-protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (snort3-protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (snort3-protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (snort3-protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (snort3-protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (snort3-protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (snort3-protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (snort3-protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (snort3-protocol-voip.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (snort3-protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (snort3-protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (snort3-protocol-voip.rules) * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (snort3-protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (snort3-protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (snort3-protocol-voip.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (snort3-policy-other.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (snort3-protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (snort3-protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (snort3-protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (snort3-protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (snort3-protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (snort3-protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (snort3-protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (snort3-protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (snort3-protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (snort3-protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (snort3-protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (snort3-protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (snort3-protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (snort3-protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (snort3-protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (snort3-protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (snort3-protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (snort3-protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (snort3-protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (snort3-protocol-voip.rules) * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (snort3-file-java.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (snort3-file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (snort3-pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (snort3-pua-adware.rules) * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (snort3-malware-tools.rules) * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (snort3-malware-tools.rules) * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (snort3-malware-tools.rules) * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (snort3-malware-tools.rules) * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (snort3-server-other.rules) * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (snort3-server-other.rules) * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (snort3-server-other.rules) * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (snort3-app-detect.rules) * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (snort3-file-pdf.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (snort3-file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (snort3-file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (snort3-file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (snort3-file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (snort3-file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (snort3-file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (snort3-file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (snort3-file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (snort3-file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (snort3-file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (snort3-file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (snort3-file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (snort3-file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (snort3-file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (snort3-file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (snort3-file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (snort3-file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (snort3-file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (snort3-file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (snort3-file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (snort3-file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (snort3-file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (snort3-file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (snort3-file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (snort3-file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (snort3-file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (snort3-file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (snort3-file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (snort3-file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (snort3-file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (snort3-file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (snort3-file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (snort3-file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (snort3-file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (snort3-file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (snort3-file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (snort3-file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (snort3-file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (snort3-file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (snort3-file-identify.rules) * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (snort3-file-java.rules) * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (snort3-file-office.rules) * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (snort3-browser-other.rules) * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (snort3-file-office.rules) * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (snort3-os-windows.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (snort3-file-identify.rules) * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (snort3-file-flash.rules) * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (snort3-file-flash.rules) * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (snort3-file-flash.rules) * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (snort3-file-flash.rules) * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (snort3-file-flash.rules) * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (snort3-file-flash.rules) * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (snort3-file-multimedia.rules) * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (snort3-file-flash.rules) * 1:20557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (snort3-file-flash.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (snort3-exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (snort3-file-multimedia.rules) * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (snort3-file-flash.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (snort3-file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (snort3-file-identify.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (snort3-file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (snort3-file-other.rules) * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (snort3-file-flash.rules) * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (snort3-file-flash.rules) * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (snort3-file-other.rules) * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (snort3-server-mail.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (snort3-protocol-scada.rules) * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (snort3-protocol-scada.rules) * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (snort3-browser-firefox.rules) * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (snort3-browser-firefox.rules) * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (snort3-browser-firefox.rules) * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (snort3-browser-firefox.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (snort3-file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (snort3-file-identify.rules) * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (snort3-server-oracle.rules) * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (snort3-protocol-services.rules) * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (snort3-protocol-services.rules) * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (snort3-os-windows.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (snort3-server-other.rules) * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (snort3-server-other.rules) * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (snort3-file-flash.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (snort3-server-other.rules) * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (snort3-server-apache.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (snort3-server-mail.rules) * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (snort3-server-other.rules) * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (snort3-server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (snort3-file-identify.rules) * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (snort3-protocol-scada.rules) * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (snort3-file-multimedia.rules) * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (snort3-pua-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (snort3-policy-other.rules) * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (snort3-server-other.rules) * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (snort3-server-other.rules) * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (snort3-server-iis.rules) * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (snort3-server-iis.rules) * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (snort3-browser-firefox.rules) * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (snort3-browser-firefox.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (snort3-exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (snort3-exploit-kit.rules) * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (snort3-protocol-voip.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (snort3-file-multimedia.rules) * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (snort3-server-iis.rules) * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (snort3-server-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (snort3-policy-other.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (snort3-file-other.rules) * 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (snort3-file-office.rules) * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (snort3-file-office.rules) * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (snort3-file-office.rules) * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (snort3-file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (snort3-file-identify.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (snort3-os-solaris.rules) * 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (snort3-browser-firefox.rules) * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (snort3-browser-firefox.rules) * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (snort3-browser-firefox.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (snort3-file-identify.rules) * 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (snort3-file-other.rules) * 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (snort3-browser-webkit.rules) * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (snort3-server-other.rules) * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (snort3-browser-firefox.rules) * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (snort3-server-other.rules) * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (snort3-browser-firefox.rules) * 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (snort3-browser-other.rules) * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (snort3-server-other.rules) * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (snort3-server-other.rules) * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (snort3-server-other.rules) * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (snort3-server-other.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (snort3-file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (snort3-file-identify.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (snort3-pua-adware.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (snort3-pua-adware.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (snort3-policy-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (snort3-server-other.rules) * 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-file-other.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (snort3-file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (snort3-file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (snort3-file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (snort3-file-identify.rules) * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (snort3-file-pdf.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (snort3-protocol-telnet.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (snort3-protocol-telnet.rules) * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (snort3-browser-firefox.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (snort3-file-java.rules) * 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (snort3-server-apache.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (snort3-file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (snort3-file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (snort3-file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (snort3-file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (snort3-file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (snort3-file-identify.rules) * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (snort3-file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (snort3-file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (snort3-file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (snort3-file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (snort3-file-identify.rules) * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (snort3-file-java.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (snort3-file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (snort3-file-identify.rules) * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (snort3-file-other.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (snort3-file-identify.rules) * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (snort3-file-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (snort3-policy-other.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (snort3-server-other.rules) * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (snort3-server-other.rules) * 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (snort3-file-office.rules) * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (snort3-file-office.rules) * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (snort3-file-office.rules) * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (snort3-file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (snort3-file-identify.rules) * 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (snort3-file-other.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (snort3-file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (snort3-file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (snort3-file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (snort3-file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (snort3-file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (snort3-file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (snort3-file-identify.rules) * 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (snort3-file-other.rules) * 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (snort3-file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (snort3-file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (snort3-file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (snort3-file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (snort3-file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (snort3-file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (snort3-file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (snort3-file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (snort3-file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (snort3-file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (snort3-file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (snort3-file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (snort3-file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (snort3-file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (snort3-file-identify.rules) * 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (snort3-file-pdf.rules) * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (snort3-file-pdf.rules) * 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (snort3-file-pdf.rules) * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (snort3-file-pdf.rules) * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (snort3-file-pdf.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (snort3-file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (snort3-file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (snort3-file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (snort3-file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (snort3-file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (snort3-file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (snort3-file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (snort3-file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (snort3-file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (snort3-file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (snort3-file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (snort3-file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (snort3-file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (snort3-file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (snort3-file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (snort3-file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (snort3-file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (snort3-file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (snort3-file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (snort3-file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (snort3-file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (snort3-file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (snort3-file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (snort3-file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (snort3-file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (snort3-file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (snort3-file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (snort3-file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (snort3-file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (snort3-file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (snort3-file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (snort3-file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (snort3-file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (snort3-file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (snort3-file-identify.rules) * 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (snort3-indicator-shellcode.rules) * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (snort3-indicator-shellcode.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (snort3-file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (snort3-file-identify.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (snort3-policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (snort3-policy-other.rules) * 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (snort3-browser-webkit.rules) * 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (snort3-file-pdf.rules) * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (snort3-protocol-scada.rules) * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (snort3-protocol-scada.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (snort3-file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (snort3-file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (snort3-file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (snort3-file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (snort3-file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (snort3-file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (snort3-file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (snort3-file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (snort3-file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (snort3-file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (snort3-file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (snort3-file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (snort3-file-identify.rules) * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (snort3-indicator-obfuscation.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (snort3-file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (snort3-file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (snort3-file-identify.rules) * 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (snort3-file-java.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (snort3-file-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (snort3-file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (snort3-server-apache.rules) * 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (snort3-file-multimedia.rules) * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (snort3-protocol-scada.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (snort3-file-office.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (snort3-file-office.rules) * 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (snort3-os-windows.rules) * 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (snort3-os-windows.rules) * 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (snort3-file-multimedia.rules) * 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (snort3-file-multimedia.rules) * 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (snort3-malware-tools.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (snort3-file-multimedia.rules) * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (snort3-file-pdf.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (snort3-protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (snort3-protocol-voip.rules) * 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (snort3-malware-tools.rules) * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (snort3-server-other.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (snort3-file-multimedia.rules) * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (snort3-exploit-kit.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (snort3-file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (snort3-file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (snort3-file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (snort3-file-identify.rules) * 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (snort3-indicator-compromise.rules) * 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell security information display (snort3-indicator-compromise.rules) * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (snort3-indicator-compromise.rules) * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (snort3-indicator-compromise.rules) * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (snort3-indicator-compromise.rules) * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (snort3-indicator-compromise.rules) * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (snort3-indicator-compromise.rules) * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (snort3-indicator-compromise.rules) * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (snort3-indicator-compromise.rules) * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (snort3-indicator-compromise.rules) * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security information page (snort3-indicator-compromise.rules) * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (snort3-indicator-compromise.rules) * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (snort3-indicator-compromise.rules) * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (snort3-indicator-compromise.rules) * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (snort3-indicator-compromise.rules) * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (snort3-indicator-compromise.rules) * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (snort3-indicator-compromise.rules) * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (snort3-protocol-scada.rules) * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (snort3-protocol-scada.rules) * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (snort3-protocol-scada.rules) * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (snort3-protocol-scada.rules) * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (snort3-protocol-voip.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (snort3-file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (snort3-file-identify.rules) * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (snort3-browser-firefox.rules) * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (snort3-browser-firefox.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (snort3-server-iis.rules) * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (snort3-file-pdf.rules) * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (snort3-server-samba.rules) * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (snort3-file-other.rules) * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https spoofing attempt (snort3-browser-chrome.rules) * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (snort3-file-multimedia.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (snort3-pua-adware.rules) * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (snort3-app-detect.rules) * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (snort3-app-detect.rules) * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (snort3-file-executable.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (snort3-file-identify.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (snort3-pua-adware.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (snort3-pua-adware.rules) * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (snort3-browser-webkit.rules) * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (snort3-server-other.rules) * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (snort3-file-identify.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (snort3-server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (snort3-server-other.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (snort3-file-pdf.rules) * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (snort3-malware-other.rules) * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (snort3-malware-other.rules) * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (snort3-server-other.rules) * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (snort3-os-windows.rules) * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (snort3-server-other.rules) * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (snort3-indicator-shellcode.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (snort3-policy-other.rules) * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (snort3-os-windows.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (snort3-file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (snort3-file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (snort3-file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (snort3-file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (snort3-file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (snort3-file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (snort3-file-identify.rules) * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (snort3-file-office.rules) * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (snort3-file-office.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (snort3-file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (snort3-file-identify.rules) * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (snort3-server-other.rules) * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (snort3-file-other.rules) * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for version.dll over SMB attempt (snort3-file-other.rules) * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (snort3-file-flash.rules) * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (snort3-file-flash.rules) * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (snort3-file-other.rules) * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (snort3-file-flash.rules) * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (snort3-file-flash.rules) * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (snort3-file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (snort3-file-flash.rules) * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (snort3-server-other.rules) * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (snort3-server-other.rules) * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (snort3-server-other.rules) * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (snort3-server-other.rules) * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (snort3-app-detect.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (snort3-file-flash.rules) * 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (snort3-server-apache.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (snort3-server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (snort3-server-other.rules) * 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (snort3-server-apache.rules) * 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (snort3-os-windows.rules) * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (snort3-server-samba.rules) * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (snort3-file-java.rules) * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (snort3-file-multimedia.rules) * 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (snort3-browser-firefox.rules) * 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (snort3-server-oracle.rules) * 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (snort3-server-oracle.rules) * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (snort3-file-multimedia.rules) * 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (snort3-file-identify.rules) * 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (snort3-browser-other.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (snort3-server-other.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (snort3-file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (snort3-file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (snort3-file-identify.rules) * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (snort3-file-other.rules) * 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (snort3-file-pdf.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (snort3-file-other.rules) * 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (snort3-file-pdf.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (snort3-file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (snort3-file-identify.rules) * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (snort3-file-other.rules) * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (snort3-file-image.rules) * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (snort3-server-other.rules) * 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (snort3-browser-chrome.rules) * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (snort3-malware-tools.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (snort3-protocol-scada.rules) * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (snort3-server-other.rules) * 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (snort3-app-detect.rules) * 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (snort3-file-other.rules) * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (snort3-protocol-scada.rules) * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (snort3-protocol-scada.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (snort3-file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (snort3-file-identify.rules) * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (snort3-file-java.rules) * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (snort3-file-office.rules) * 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (snort3-exploit-kit.rules) * 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (snort3-exploit-kit.rules) * 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (snort3-malware-backdoor.rules) * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (snort3-malware-tools.rules) * 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (snort3-server-apache.rules) * 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (snort3-indicator-obfuscation.rules) * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (snort3-file-office.rules) * 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (snort3-file-flash.rules) * 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (snort3-file-flash.rules) * 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (snort3-file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (snort3-file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (snort3-file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (snort3-file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (snort3-file-flash.rules) * 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (snort3-malware-backdoor.rules) * 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (snort3-malware-other.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (snort3-policy-other.rules) * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (snort3-file-other.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (snort3-file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (snort3-file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (snort3-file-identify.rules) * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (snort3-file-other.rules) * 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (snort3-indicator-obfuscation.rules) * 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (snort3-indicator-obfuscation.rules) * 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (snort3-indicator-obfuscation.rules) * 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (snort3-indicator-obfuscation.rules) * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (snort3-file-pdf.rules) * 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (snort3-file-pdf.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (snort3-file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (snort3-file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (snort3-file-identify.rules) * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (snort3-file-other.rules) * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (snort3-os-mobile.rules) * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (snort3-os-mobile.rules) * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (snort3-os-mobile.rules) * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (snort3-os-mobile.rules) * 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (snort3-server-iis.rules) * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (snort3-file-other.rules) * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (snort3-protocol-voip.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (snort3-file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (snort3-file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (snort3-file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (snort3-file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (snort3-file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (snort3-file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (snort3-file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (snort3-file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (snort3-file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (snort3-file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (snort3-file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (snort3-file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (snort3-file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (snort3-file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (snort3-file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (snort3-file-identify.rules) * 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (snort3-file-other.rules) * 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (snort3-file-other.rules) * 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (snort3-policy-spam.rules) * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (snort3-malware-other.rules) * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (snort3-malware-other.rules) * 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (snort3-pua-adware.rules) * 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (snort3-pua-adware.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (snort3-file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (snort3-file-identify.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (snort3-file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (snort3-file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (snort3-file-flash.rules) * 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (snort3-server-other.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (snort3-exploit-kit.rules) * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (snort3-protocol-voip.rules) * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (snort3-protocol-voip.rules) * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (snort3-protocol-voip.rules) * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (snort3-file-office.rules) * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (snort3-file-office.rules) * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (snort3-file-office.rules) * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (snort3-file-office.rules) * 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (snort3-exploit-kit.rules) * 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (snort3-exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (snort3-file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (snort3-file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (snort3-file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (snort3-file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (snort3-file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (snort3-file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (snort3-file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (snort3-file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (snort3-file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (snort3-file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (snort3-file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (snort3-file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (snort3-file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (snort3-file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (snort3-file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (snort3-file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (snort3-file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (snort3-file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (snort3-file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (snort3-file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (snort3-file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (snort3-file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (snort3-file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (snort3-file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (snort3-file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (snort3-file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (snort3-file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (snort3-file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (snort3-file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (snort3-file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (snort3-file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (snort3-file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (snort3-file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (snort3-file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (snort3-file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (snort3-file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (snort3-file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (snort3-file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (snort3-file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (snort3-file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (snort3-file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (snort3-file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (snort3-file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (snort3-file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (snort3-file-identify.rules) * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (snort3-file-other.rules) * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (snort3-server-other.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (snort3-file-office.rules) * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (snort3-file-pdf.rules) * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (snort3-protocol-voip.rules) * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (snort3-protocol-voip.rules) * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (snort3-sql.rules) * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (snort3-sql.rules) * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (snort3-indicator-obfuscation.rules) * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (snort3-indicator-obfuscation.rules) * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (snort3-indicator-obfuscation.rules) * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (snort3-indicator-obfuscation.rules) * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (snort3-indicator-obfuscation.rules) * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (snort3-indicator-obfuscation.rules) * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (snort3-indicator-obfuscation.rules) * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (snort3-indicator-obfuscation.rules) * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (snort3-sql.rules) * 1:21789 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (snort3-sql.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (snort3-file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (snort3-file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (snort3-file-identify.rules) * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (snort3-file-multimedia.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (snort3-file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (snort3-file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (snort3-file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (snort3-file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (snort3-file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (snort3-file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (snort3-file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (snort3-file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (snort3-file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (snort3-file-identify.rules) * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (snort3-protocol-dns.rules) * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (snort3-malware-other.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (snort3-malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (snort3-malware-other.rules) * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (snort3-malware-other.rules) * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (snort3-malware-other.rules) * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (snort3-app-detect.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (snort3-file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (snort3-file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (snort3-file-pdf.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (snort3-file-pdf.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (snort3-file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (snort3-file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (snort3-file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (snort3-file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (snort3-file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (snort3-file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (snort3-file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (snort3-file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (snort3-file-identify.rules) * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (snort3-file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (snort3-file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (snort3-file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (snort3-file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (snort3-file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (snort3-file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (snort3-file-identify.rules) * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (snort3-file-office.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules) * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (snort3-server-oracle.rules) * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (snort3-server-oracle.rules) * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (snort3-server-apache.rules) * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (snort3-pua-adware.rules) * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (snort3-file-office.rules) * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (snort3-file-office.rules) * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (snort3-pua-adware.rules) * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (snort3-protocol-telnet.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (snort3-protocol-telnet.rules) * 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (snort3-indicator-compromise.rules) * 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (snort3-malware-other.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (snort3-server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (snort3-browser-firefox.rules) * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (snort3-malware-backdoor.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (snort3-malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (snort3-malware-backdoor.rules) * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (snort3-malware-backdoor.rules) * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (snort3-malware-backdoor.rules) * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (snort3-malware-backdoor.rules) * 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (snort3-malware-backdoor.rules) * 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (snort3-malware-backdoor.rules) * 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (snort3-malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (snort3-malware-backdoor.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (snort3-file-identify.rules) * 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (snort3-file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (snort3-file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (snort3-file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (snort3-file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (snort3-file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (snort3-file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (snort3-file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (snort3-file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (snort3-file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (snort3-file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (snort3-file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (snort3-file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (snort3-file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (snort3-file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (snort3-file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (snort3-file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (snort3-file-identify.rules) * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (snort3-file-other.rules) * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (snort3-file-other.rules) * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (snort3-file-other.rules) * 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (snort3-file-other.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (snort3-file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (snort3-file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (snort3-file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (snort3-file-identify.rules) * 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (snort3-malware-other.rules) * 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (snort3-indicator-obfuscation.rules) * 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (snort3-indicator-obfuscation.rules) * 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (snort3-indicator-obfuscation.rules) * 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (snort3-indicator-obfuscation.rules) * 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (snort3-os-windows.rules) * 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (snort3-file-office.rules) * 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (snort3-file-office.rules) * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (snort3-file-other.rules) * 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (snort3-os-windows.rules) * 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (snort3-malware-backdoor.rules) * 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (snort3-indicator-compromise.rules) * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (snort3-server-mail.rules) * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (snort3-server-mail.rules) * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (snort3-server-mail.rules) * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (snort3-server-mail.rules) * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (snort3-server-mail.rules) * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (snort3-server-mail.rules) * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (snort3-indicator-compromise.rules) * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (snort3-indicator-compromise.rules) * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (snort3-indicator-compromise.rules) * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (snort3-indicator-compromise.rules) * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (snort3-indicator-compromise.rules) * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (snort3-indicator-compromise.rules) * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (snort3-indicator-compromise.rules) * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (snort3-indicator-compromise.rules) * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (snort3-indicator-compromise.rules) * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (snort3-indicator-compromise.rules) * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (snort3-indicator-compromise.rules) * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (snort3-indicator-compromise.rules) * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (snort3-indicator-compromise.rules) * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (snort3-indicator-compromise.rules) * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (snort3-indicator-compromise.rules) * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (snort3-indicator-compromise.rules) * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (snort3-indicator-compromise.rules) * 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (snort3-indicator-compromise.rules) * 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (snort3-file-pdf.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (snort3-file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (snort3-file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (snort3-file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (snort3-file-identify.rules) * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (snort3-protocol-voip.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (snort3-malware-tools.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (snort3-file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (snort3-file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (snort3-file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (snort3-file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (snort3-file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (snort3-file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (snort3-file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (snort3-file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (snort3-file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (snort3-file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (snort3-file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (snort3-file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (snort3-file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (snort3-file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (snort3-file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (snort3-file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (snort3-file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (snort3-file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (snort3-file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (snort3-file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (snort3-file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (snort3-file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (snort3-file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (snort3-file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (snort3-file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (snort3-file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (snort3-file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (snort3-file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (snort3-file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (snort3-file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (snort3-file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (snort3-file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (snort3-file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (snort3-file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (snort3-file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (snort3-file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (snort3-file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (snort3-file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (snort3-file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (snort3-file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (snort3-file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (snort3-file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (snort3-file-identify.rules) * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (snort3-file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (snort3-file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (snort3-file-identify.rules) * 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (snort3-indicator-compromise.rules) * 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (snort3-indicator-compromise.rules) * 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (snort3-file-pdf.rules) * 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (snort3-file-pdf.rules) * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (snort3-file-pdf.rules) * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (snort3-browser-firefox.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (snort3-protocol-ftp.rules) * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (snort3-malware-other.rules) * 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (snort3-indicator-obfuscation.rules) * 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (snort3-indicator-obfuscation.rules) * 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval (snort3-indicator-obfuscation.rules) * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (snort3-indicator-obfuscation.rules) * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (snort3-indicator-obfuscation.rules) * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (snort3-server-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (snort3-policy-other.rules) * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (snort3-exploit-kit.rules) * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (snort3-indicator-compromise.rules) * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (snort3-file-image.rules) * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (snort3-indicator-obfuscation.rules) * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (snort3-indicator-obfuscation.rules) * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (snort3-server-mysql.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (snort3-file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (snort3-file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (snort3-file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (snort3-file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (snort3-file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (snort3-file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (snort3-file-flash.rules) * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (snort3-file-pdf.rules) * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (snort3-exploit-kit.rules) * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (snort3-exploit-kit.rules) * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (snort3-exploit-kit.rules) * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (snort3-exploit-kit.rules) * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (snort3-indicator-obfuscation.rules) * 1:23161 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (snort3-indicator-obfuscation.rules) * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (snort3-file-pdf.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (snort3-file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (snort3-file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (snort3-file-identify.rules) * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (snort3-indicator-compromise.rules) * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (snort3-os-mobile.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (snort3-protocol-icmp.rules) * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (snort3-indicator-compromise.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (snort3-file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (snort3-file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (snort3-protocol-voip.rules) * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (snort3-indicator-shellcode.rules) * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (snort3-indicator-obfuscation.rules) * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (snort3-os-windows.rules) * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (snort3-os-windows.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (snort3-server-other.rules) * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (snort3-pua-adware.rules) * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (snort3-pua-adware.rules) * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (snort3-file-executable.rules) * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (snort3-file-executable.rules) * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (snort3-file-executable.rules) * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (snort3-file-executable.rules) * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (snort3-file-executable.rules) * 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (snort3-file-office.rules) * 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (snort3-file-office.rules) * 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (snort3-file-other.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (snort3-file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (snort3-file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (snort3-file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (snort3-file-identify.rules) * 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (snort3-protocol-scada.rules) * 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (snort3-malware-backdoor.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (snort3-file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (snort3-file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (snort3-file-identify.rules) * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (snort3-malware-other.rules) * 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (snort3-file-office.rules) * 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (snort3-file-other.rules) * 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (snort3-file-other.rules) * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (snort3-server-other.rules) * 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (snort3-server-iis.rules) * 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (snort3-server-iis.rules) * 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (snort3-server-iis.rules) * 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (snort3-pua-adware.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (snort3-malware-backdoor.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (snort3-sql.rules) * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (snort3-server-other.rules) * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (snort3-server-mail.rules) * 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (snort3-os-windows.rules) * 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (snort3-server-mail.rules) * 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (snort3-os-windows.rules) * 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (snort3-os-windows.rules) * 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (snort3-indicator-compromise.rules) * 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (snort3-indicator-compromise.rules) * 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (snort3-indicator-compromise.rules) * 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (snort3-indicator-compromise.rules) * 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (snort3-indicator-compromise.rules) * 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (snort3-indicator-compromise.rules) * 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (snort3-browser-firefox.rules) * 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (snort3-browser-chrome.rules) * 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (snort3-pua-adware.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (snort3-file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (snort3-file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (snort3-file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (snort3-file-identify.rules) * 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (snort3-file-other.rules) * 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (snort3-file-other.rules) * 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (snort3-indicator-obfuscation.rules) * 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (snort3-indicator-obfuscation.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (snort3-malware-backdoor.rules) * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (snort3-indicator-compromise.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (snort3-file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (snort3-file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (snort3-file-identify.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (snort3-file-other.rules) * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (snort3-file-multimedia.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (snort3-file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (snort3-file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (snort3-file-identify.rules) * 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (snort3-file-office.rules) * 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (snort3-file-office.rules) * 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (snort3-file-office.rules) * 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (snort3-file-office.rules) * 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (snort3-file-office.rules) * 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (snort3-file-office.rules) * 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (snort3-file-office.rules) * 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (snort3-file-office.rules) * 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (snort3-file-office.rules) * 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (snort3-file-other.rules) * 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (snort3-file-other.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (snort3-indicator-compromise.rules) * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (snort3-indicator-scan.rules) * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (snort3-indicator-scan.rules) * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (snort3-indicator-scan.rules) * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (snort3-indicator-scan.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (snort3-app-detect.rules) * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (snort3-app-detect.rules) * 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (snort3-malware-other.rules) * 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (snort3-malware-other.rules) * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (snort3-indicator-obfuscation.rules) * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (snort3-server-other.rules) * 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (snort3-browser-firefox.rules) * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (snort3-indicator-obfuscation.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (snort3-file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (snort3-file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (snort3-file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (snort3-file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (snort3-file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (snort3-file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (snort3-file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (snort3-file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (snort3-file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (snort3-file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (snort3-file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (snort3-file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (snort3-file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (snort3-file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (snort3-file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (snort3-file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (snort3-file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (snort3-file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (snort3-file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (snort3-file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (snort3-file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (snort3-file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (snort3-file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (snort3-file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (snort3-file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (snort3-file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (snort3-file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (snort3-file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (snort3-file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (snort3-file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (snort3-file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (snort3-file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (snort3-file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (snort3-file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (snort3-file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (snort3-file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (snort3-file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (snort3-file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (snort3-file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (snort3-file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (snort3-file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (snort3-file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (snort3-file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (snort3-file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (snort3-file-identify.rules) * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (snort3-file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (snort3-file-identify.rules) * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (snort3-file-identify.rules) * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (snort3-file-identify.rules) * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (snort3-file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (snort3-file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (snort3-file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (snort3-file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (snort3-file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (snort3-file-identify.rules) * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (snort3-file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (snort3-file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (snort3-file-identify.rules) * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (snort3-file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (snort3-file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (snort3-file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (snort3-file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (snort3-file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (snort3-file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (snort3-file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (snort3-file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (snort3-file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (snort3-file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (snort3-file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (snort3-file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (snort3-file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (snort3-file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (snort3-file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (snort3-file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (snort3-file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (snort3-file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (snort3-file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (snort3-file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (snort3-file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (snort3-file-identify.rules) * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (snort3-file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (snort3-file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (snort3-file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (snort3-file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (snort3-file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (snort3-file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (snort3-file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (snort3-file-identify.rules) * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (snort3-file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (snort3-file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (snort3-file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (snort3-file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (snort3-file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (snort3-file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (snort3-file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (snort3-file-identify.rules) * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (snort3-server-apache.rules) * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (snort3-malware-other.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (snort3-file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (snort3-file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (snort3-file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (snort3-file-identify.rules) * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (snort3-indicator-compromise.rules) * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (snort3-indicator-compromise.rules) * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (snort3-indicator-obfuscation.rules) * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (snort3-indicator-obfuscation.rules) * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (snort3-malware-other.rules) * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (snort3-os-windows.rules) * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (snort3-file-pdf.rules) * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (snort3-file-pdf.rules) * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (snort3-pua-adware.rules) * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (snort3-file-pdf.rules) * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (snort3-file-pdf.rules) * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (snort3-file-pdf.rules) * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (snort3-file-pdf.rules) * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (snort3-file-pdf.rules) * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (snort3-file-pdf.rules) * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (snort3-file-pdf.rules) * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (snort3-file-pdf.rules) * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (snort3-file-pdf.rules) * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (snort3-file-pdf.rules) * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (snort3-file-pdf.rules) * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (snort3-file-pdf.rules) * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (snort3-file-pdf.rules) * 1:23884 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (snort3-file-pdf.rules) * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (snort3-file-pdf.rules) * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (snort3-file-pdf.rules) * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (snort3-file-pdf.rules) * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (snort3-file-pdf.rules) * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (snort3-file-pdf.rules) * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (snort3-file-pdf.rules) * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (snort3-file-pdf.rules) * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23919 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (snort3-indicator-compromise.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (snort3-server-oracle.rules) * 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (snort3-sql.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (snort3-malware-tools.rules) * 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (snort3-os-mobile.rules) * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (snort3-protocol-scada.rules) * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (snort3-protocol-scada.rules) * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (snort3-protocol-voip.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (snort3-os-mobile.rules) * 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (snort3-server-other.rules) * 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (snort3-server-other.rules) * 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (snort3-server-other.rules) * 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (snort3-server-other.rules) * 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (snort3-server-other.rules) * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (snort3-policy-social.rules) * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (snort3-policy-social.rules) * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (snort3-server-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (snort3-file-office.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (snort3-policy-other.rules) * 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (snort3-malware-other.rules) * 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (snort3-file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (snort3-file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (snort3-file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (snort3-file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (snort3-file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (snort3-file-identify.rules) * 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (snort3-file-other.rules) * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (snort3-file-other.rules) * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (snort3-file-other.rules) * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (snort3-file-other.rules) * 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (snort3-file-other.rules) * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (snort3-file-other.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (snort3-file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (snort3-file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (snort3-file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (snort3-file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (snort3-file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (snort3-file-identify.rules) * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (snort3-pua-adware.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (snort3-os-windows.rules) * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (snort3-app-detect.rules) * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (snort3-app-detect.rules) * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (snort3-app-detect.rules) * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (snort3-app-detect.rules) * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (snort3-app-detect.rules) * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (snort3-malware-other.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (snort3-file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (snort3-file-identify.rules) * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (snort3-malware-other.rules) * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (snort3-malware-other.rules) * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (snort3-malware-other.rules) * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (snort3-malware-other.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (snort3-malware-other.rules) * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (snort3-malware-other.rules) * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (snort3-malware-other.rules) * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (snort3-malware-other.rules) * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (snort3-indicator-shellcode.rules) * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (snort3-malware-backdoor.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (snort3-malware-backdoor.rules) * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (snort3-indicator-compromise.rules) * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (snort3-os-windows.rules) * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (snort3-file-office.rules) * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (snort3-file-office.rules) * 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (snort3-os-windows.rules) * 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (snort3-os-windows.rules) * 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (snort3-os-windows.rules) * 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (snort3-os-windows.rules) * 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (snort3-os-windows.rules) * 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (snort3-os-windows.rules) * 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (snort3-os-windows.rules) * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (snort3-malware-other.rules) * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (snort3-malware-other.rules) * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (snort3-malware-other.rules) * 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (snort3-file-pdf.rules) * 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (snort3-file-pdf.rules) * 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (snort3-file-pdf.rules) * 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (snort3-file-pdf.rules) * 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (snort3-file-pdf.rules) * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (snort3-file-pdf.rules) * 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (snort3-file-other.rules) * 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (snort3-indicator-obfuscation.rules) * 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (snort3-indicator-obfuscation.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (snort3-malware-backdoor.rules) * 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (snort3-file-other.rules) * 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (snort3-file-other.rules) * 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (snort3-file-other.rules) * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (snort3-file-other.rules) * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (snort3-file-other.rules) * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (snort3-file-other.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (snort3-file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (snort3-file-identify.rules) * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (snort3-file-other.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (snort3-file-identify.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (snort3-server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (snort3-server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (snort3-server-other.rules) * 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (snort3-malware-other.rules) * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (snort3-file-other.rules) * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (snort3-file-other.rules) * 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (snort3-exploit-kit.rules) * 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (snort3-exploit-kit.rules) * 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (snort3-exploit-kit.rules) * 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (snort3-exploit-kit.rules) * 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (snort3-server-other.rules) * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (snort3-os-mobile.rules) * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (snort3-indicator-compromise.rules) * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (snort3-indicator-compromise.rules) * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (snort3-malware-backdoor.rules) * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (snort3-malware-other.rules) * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (snort3-malware-other.rules) * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (snort3-malware-other.rules) * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (snort3-malware-other.rules) * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (snort3-malware-other.rules) * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (snort3-malware-other.rules) * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (snort3-file-pdf.rules) * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (snort3-malware-other.rules) * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (snort3-file-pdf.rules) * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (snort3-protocol-voip.rules) * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (snort3-file-multimedia.rules) * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting attempt (snort3-server-other.rules) * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (snort3-protocol-icmp.rules) * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (snort3-protocol-icmp.rules) * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (snort3-protocol-icmp.rules) * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (snort3-protocol-icmp.rules) * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (snort3-protocol-icmp.rules) * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (snort3-protocol-icmp.rules) * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (snort3-protocol-icmp.rules) * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (snort3-protocol-icmp.rules) * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (snort3-protocol-dns.rules) * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (snort3-protocol-icmp.rules) * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (snort3-server-apache.rules) * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (snort3-malware-other.rules) * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (snort3-malware-other.rules) * 1:24344 <-> ENABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (snort3-exploit-kit.rules) * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (snort3-server-apache.rules) * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (snort3-server-mssql.rules) * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (snort3-server-mssql.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (snort3-os-windows.rules) * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (snort3-os-windows.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (snort3-file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (snort3-file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (snort3-file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (snort3-file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (snort3-file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (snort3-file-flash.rules) * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (snort3-os-linux.rules) * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (snort3-os-linux.rules) * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (snort3-malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (snort3-malware-backdoor.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (snort3-policy-other.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (snort3-server-iis.rules) * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (snort3-browser-firefox.rules) * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (snort3-browser-firefox.rules) * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (snort3-indicator-compromise.rules) * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (snort3-indicator-compromise.rules) * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (snort3-indicator-compromise.rules) * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php (snort3-indicator-compromise.rules) * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (snort3-indicator-compromise.rules) * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (snort3-indicator-compromise.rules) * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (snort3-indicator-compromise.rules) * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (snort3-malware-other.rules) * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (snort3-malware-other.rules) * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (snort3-app-detect.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (snort3-malware-backdoor.rules) * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (snort3-os-windows.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (snort3-malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (snort3-malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (snort3-malware-backdoor.rules) * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (snort3-malware-other.rules) * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (snort3-malware-other.rules) * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (snort3-malware-other.rules) * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (snort3-malware-other.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (snort3-file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (snort3-file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (snort3-file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (snort3-file-flash.rules) * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (snort3-protocol-scada.rules) * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (snort3-protocol-scada.rules) * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (snort3-protocol-scada.rules) * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (snort3-protocol-scada.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (snort3-protocol-scada.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (snort3-malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (snort3-malware-other.rules) * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (snort3-browser-other.rules) * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (snort3-browser-other.rules) * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (snort3-indicator-compromise.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (snort3-file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (snort3-file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (snort3-file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (snort3-file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (snort3-file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (snort3-file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (snort3-file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (snort3-file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (snort3-file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (snort3-file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (snort3-file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (snort3-file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (snort3-file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (snort3-file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (snort3-file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (snort3-file-identify.rules) * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (snort3-browser-other.rules) * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (snort3-protocol-scada.rules) * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (snort3-protocol-scada.rules) * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (snort3-protocol-scada.rules) * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (snort3-protocol-scada.rules) * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (snort3-protocol-scada.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (snort3-file-identify.rules) * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (snort3-os-windows.rules) * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (snort3-os-windows.rules) * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (snort3-os-windows.rules) * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (snort3-file-java.rules) * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (snort3-file-java.rules) * 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (snort3-file-pdf.rules) * 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (snort3-file-java.rules) * 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (snort3-file-java.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (snort3-server-other.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (snort3-server-other.rules) * 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (snort3-malware-other.rules) * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (snort3-malware-other.rules) * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (snort3-server-other.rules) * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (snort3-server-mail.rules) * 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (snort3-malware-backdoor.rules) * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (snort3-server-other.rules) * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (snort3-server-other.rules) * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (snort3-server-other.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (snort3-malware-backdoor.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (snort3-malware-backdoor.rules) * 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (snort3-file-image.rules) * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (snort3-file-image.rules) * 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (snort3-file-image.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (snort3-file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (snort3-file-identify.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (snort3-protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (snort3-protocol-scada.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (snort3-protocol-scada.rules) * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (snort3-protocol-scada.rules) * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (snort3-protocol-scada.rules) * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (snort3-protocol-scada.rules) * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (snort3-malware-other.rules) * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (snort3-policy-spam.rules) * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (snort3-file-pdf.rules) * 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (snort3-file-pdf.rules) * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (snort3-server-other.rules) * 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (snort3-malware-other.rules) * 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (snort3-file-other.rules) * 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (snort3-file-other.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (snort3-file-identify.rules) * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (snort3-file-other.rules) * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (snort3-os-windows.rules) * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (snort3-os-windows.rules) * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (snort3-file-office.rules) * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (snort3-file-office.rules) * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (snort3-file-executable.rules) * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (snort3-file-executable.rules) * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (snort3-file-office.rules) * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (snort3-file-office.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (snort3-file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (snort3-file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (snort3-file-identify.rules) * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (snort3-file-pdf.rules) * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (snort3-file-pdf.rules) * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (snort3-malware-other.rules) * 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (snort3-file-pdf.rules) * 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (snort3-file-pdf.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (snort3-exploit-kit.rules) * 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (snort3-exploit-kit.rules) * 1:24787 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (snort3-exploit-kit.rules) * 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (snort3-exploit-kit.rules) * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (snort3-exploit-kit.rules) * 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (snort3-exploit-kit.rules) * 1:24791 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (snort3-exploit-kit.rules) * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (snort3-malware-other.rules) * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (snort3-malware-other.rules) * 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (snort3-server-other.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (snort3-file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (snort3-file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (snort3-file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (snort3-file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (snort3-file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (snort3-file-flash.rules) * 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (snort3-protocol-snmp.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (snort3-file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (snort3-file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (snort3-file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (snort3-file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (snort3-file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (snort3-file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (snort3-file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (snort3-file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (snort3-file-identify.rules) * 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (snort3-server-iis.rules) * 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (snort3-server-iis.rules) * 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (snort3-file-office.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (snort3-file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (snort3-file-flash.rules) * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (snort3-malware-other.rules) * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (snort3-malware-other.rules) * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (snort3-exploit-kit.rules) * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (snort3-file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (snort3-file-flash.rules) * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (snort3-server-mysql.rules) * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (snort3-malware-other.rules) * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (snort3-malware-other.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (snort3-file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (snort3-file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (snort3-file-identify.rules) * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (snort3-server-mysql.rules) * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (snort3-server-mysql.rules) * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (snort3-server-mysql.rules) * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (snort3-server-oracle.rules) * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (snort3-file-multimedia.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (snort3-netbios.rules) * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (snort3-exploit-kit.rules) * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (snort3-exploit-kit.rules) * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (snort3-exploit-kit.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (snort3-file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (snort3-file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (snort3-file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (snort3-file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (snort3-file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (snort3-file-flash.rules) * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (snort3-malware-other.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (snort3-file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (snort3-file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (snort3-file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (snort3-file-flash.rules) * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (snort3-malware-other.rules) * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (snort3-malware-other.rules) * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (snort3-file-other.rules) * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (snort3-file-other.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (snort3-file-identify.rules) * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (snort3-malware-backdoor.rules) * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (snort3-malware-other.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (snort3-os-other.rules) * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (snort3-malware-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (snort3-file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (snort3-file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (snort3-file-identify.rules) * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (snort3-browser-webkit.rules) * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (snort3-browser-webkit.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (snort3-exploit-kit.rules) * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (snort3-exploit-kit.rules) * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (snort3-exploit-kit.rules) * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (snort3-exploit-kit.rules) * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (snort3-protocol-scada.rules) * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (snort3-server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (snort3-server-other.rules) * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (snort3-indicator-obfuscation.rules) * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (snort3-app-detect.rules) * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (snort3-app-detect.rules) * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (snort3-app-detect.rules) * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (snort3-app-detect.rules) * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (snort3-malware-other.rules) * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (snort3-malware-other.rules) * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (snort3-malware-other.rules) * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (snort3-malware-other.rules) * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (snort3-malware-other.rules) * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (snort3-malware-other.rules) * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (snort3-server-other.rules) * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (snort3-server-other.rules) * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (snort3-server-other.rules) * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (snort3-malware-backdoor.rules) * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (snort3-browser-firefox.rules) * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (snort3-browser-firefox.rules) * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (snort3-file-other.rules) * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (snort3-file-other.rules) * 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (snort3-server-other.rules) * 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (snort3-server-other.rules) * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (snort3-file-other.rules) * 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (snort3-server-iis.rules) * 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (snort3-file-other.rules) * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (snort3-server-other.rules) * 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (snort3-malware-other.rules) * 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (snort3-malware-backdoor.rules) * 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (snort3-malware-backdoor.rules) * 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (snort3-malware-backdoor.rules) * 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (snort3-malware-backdoor.rules) * 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (snort3-malware-backdoor.rules) * 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (snort3-malware-backdoor.rules) * 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (snort3-malware-backdoor.rules) * 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (snort3-server-other.rules) * 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (snort3-browser-firefox.rules) * 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (snort3-browser-firefox.rules) * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (snort3-browser-firefox.rules) * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (snort3-browser-firefox.rules) * 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (snort3-file-office.rules) * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (snort3-file-office.rules) * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (snort3-file-office.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (snort3-file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (snort3-file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (snort3-file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (snort3-file-identify.rules) * 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (snort3-app-detect.rules) * 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (snort3-app-detect.rules) * 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (snort3-app-detect.rules) * 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (snort3-app-detect.rules) * 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (snort3-app-detect.rules) * 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (snort3-app-detect.rules) * 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (snort3-app-detect.rules) * 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (snort3-app-detect.rules) * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (snort3-os-windows.rules) * 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (snort3-server-other.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (snort3-file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (snort3-file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (snort3-file-identify.rules) * 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (snort3-file-image.rules) * 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (snort3-file-image.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (snort3-server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (snort3-file-pdf.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (snort3-file-pdf.rules) * 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (snort3-indicator-obfuscation.rules) * 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (snort3-file-pdf.rules) * 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (snort3-file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (snort3-file-pdf.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (snort3-file-pdf.rules) * 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (snort3-file-pdf.rules) * 1:25467 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (snort3-file-pdf.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (snort3-file-pdf.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (snort3-file-pdf.rules) * 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (snort3-server-other.rules) * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (snort3-policy-social.rules) * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (snort3-policy-social.rules) * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (snort3-os-mobile.rules) * 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (snort3-os-mobile.rules) * 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (snort3-os-mobile.rules) * 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (snort3-os-mobile.rules) * 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (snort3-os-mobile.rules) * 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (snort3-os-mobile.rules) * 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (snort3-os-mobile.rules) * 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (snort3-os-mobile.rules) * 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (snort3-os-other.rules) * 1:25536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (snort3-file-pdf.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (snort3-file-pdf.rules) * 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (snort3-server-other.rules) * 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (snort3-server-other.rules) * 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (snort3-server-other.rules) * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (snort3-exploit-kit.rules) * 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (snort3-exploit-kit.rules) * 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (snort3-exploit-kit.rules) * 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (snort3-exploit-kit.rules) * 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (snort3-file-pdf.rules) * 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (snort3-file-pdf.rules) * 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (snort3-os-windows.rules) * 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (snort3-malware-other.rules) * 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (snort3-malware-other.rules) * 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (snort3-malware-other.rules) * 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (snort3-server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (snort3-file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (snort3-file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (snort3-file-identify.rules) * 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (snort3-file-other.rules) * 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (snort3-file-other.rules) * 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (snort3-os-mobile.rules) * 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (snort3-os-mobile.rules) * 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (snort3-server-other.rules) * 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (snort3-browser-other.rules) * 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (snort3-browser-other.rules) * 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (snort3-file-office.rules) * 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (snort3-file-office.rules) * 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (snort3-file-other.rules) * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (snort3-browser-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (snort3-server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (snort3-server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (snort3-server-other.rules) * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (snort3-server-other.rules) * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (snort3-server-other.rules) * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (snort3-server-other.rules) * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (snort3-file-flash.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (snort3-file-pdf.rules) * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (snort3-file-office.rules) * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (snort3-server-other.rules) * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (snort3-malware-other.rules) * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (snort3-indicator-obfuscation.rules) * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (snort3-file-multimedia.rules) * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (snort3-file-multimedia.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (snort3-exploit-kit.rules) * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (snort3-file-flash.rules) * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (snort3-file-flash.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (snort3-file-flash.rules) * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (snort3-exploit-kit.rules) * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious PDF retrieval (snort3-exploit-kit.rules) * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (snort3-exploit-kit.rules) * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (snort3-exploit-kit.rules) * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (snort3-server-other.rules) * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (snort3-server-other.rules) * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (snort3-server-other.rules) * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (snort3-server-other.rules) * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (snort3-indicator-compromise.rules) * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (snort3-indicator-compromise.rules) * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (snort3-indicator-compromise.rules) * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (snort3-indicator-compromise.rules) * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (snort3-indicator-compromise.rules) * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (snort3-indicator-compromise.rules) * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (snort3-indicator-compromise.rules) * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (snort3-indicator-compromise.rules) * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (snort3-indicator-compromise.rules) * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (snort3-indicator-compromise.rules) * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (snort3-indicator-compromise.rules) * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (snort3-indicator-compromise.rules) * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (snort3-indicator-compromise.rules) * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (snort3-os-mobile.rules) * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (snort3-os-mobile.rules) * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (snort3-malware-tools.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (snort3-file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (snort3-file-identify.rules) * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (snort3-app-detect.rules) * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (snort3-exploit-kit.rules) * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (snort3-policy-other.rules) * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (snort3-policy-other.rules) * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (snort3-policy-other.rules) * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (snort3-app-detect.rules) * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (snort3-indicator-obfuscation.rules) * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (snort3-os-mobile.rules) * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (snort3-os-mobile.rules) * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (snort3-os-mobile.rules) * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (snort3-file-flash.rules) * 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (snort3-file-flash.rules) * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (snort3-file-flash.rules) * 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (snort3-os-mobile.rules) * 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (snort3-os-mobile.rules) * 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (snort3-os-mobile.rules) * 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (snort3-os-mobile.rules) * 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (snort3-exploit-kit.rules) * 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (snort3-os-mobile.rules) * 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (snort3-file-other.rules) * 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (snort3-file-other.rules) * 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (snort3-file-other.rules) * 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (snort3-exploit-kit.rules) * 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (snort3-exploit-kit.rules) * 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (snort3-exploit-kit.rules) * 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (snort3-exploit-kit.rules) * 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (snort3-exploit-kit.rules) * 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (snort3-exploit-kit.rules) * 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (snort3-exploit-kit.rules) * 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (snort3-exploit-kit.rules) * 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (snort3-exploit-kit.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (snort3-file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (snort3-file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (snort3-file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (snort3-file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (snort3-file-identify.rules) * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (snort3-file-executable.rules) * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (snort3-file-executable.rules) * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (snort3-server-other.rules) * 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (snort3-server-other.rules) * 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (snort3-file-pdf.rules) * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (snort3-file-pdf.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (snort3-file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (snort3-file-identify.rules) * 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (snort3-os-mobile.rules) * 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (snort3-malware-other.rules) * 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (snort3-os-mobile.rules) * 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (snort3-os-mobile.rules) * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (snort3-server-other.rules) * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (snort3-server-other.rules) * 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (snort3-os-mobile.rules) * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (snort3-file-other.rules) * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (snort3-file-other.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (snort3-file-identify.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (snort3-file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (snort3-file-identify.rules) * 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (snort3-file-office.rules) * 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (snort3-file-office.rules) * 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (snort3-file-office.rules) * 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (snort3-file-office.rules) * 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (snort3-file-flash.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (snort3-file-flash.rules) * 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (snort3-file-office.rules) * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (snort3-file-office.rules) * 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (snort3-server-other.rules) * 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (snort3-browser-firefox.rules) * 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (snort3-os-mobile.rules) * 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (snort3-os-mobile.rules) * 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (snort3-os-mobile.rules) * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules) * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (snort3-file-java.rules) * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (snort3-file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (snort3-file-java.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (snort3-file-java.rules) * 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (snort3-os-mobile.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (snort3-file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (snort3-file-identify.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (snort3-file-identify.rules) * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (snort3-file-other.rules) * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (snort3-file-other.rules) * 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (snort3-exploit-kit.rules) * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (snort3-file-multimedia.rules) * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (snort3-file-multimedia.rules) * 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (snort3-os-mobile.rules) * 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (snort3-os-mobile.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (snort3-file-identify.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules) * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (snort3-os-mobile.rules) * 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (snort3-browser-webkit.rules) * 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (snort3-browser-webkit.rules) * 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (snort3-malware-other.rules) * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (snort3-server-other.rules) * 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (snort3-os-mobile.rules) * 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (snort3-os-mobile.rules) * 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (snort3-app-detect.rules) * 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (snort3-app-detect.rules) * 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (snort3-os-mobile.rules) * 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (snort3-os-mobile.rules) * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (snort3-exploit-kit.rules) * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (snort3-exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (snort3-file-other.rules) * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (snort3-server-mysql.rules) * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (snort3-server-mysql.rules) * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (snort3-server-mysql.rules) * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (snort3-server-mysql.rules) * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (snort3-server-mysql.rules) * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (snort3-server-mysql.rules) * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (snort3-server-mysql.rules) * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (snort3-server-mysql.rules) * 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (snort3-server-other.rules) * 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (snort3-server-other.rules) * 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (snort3-server-other.rules) * 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (snort3-file-multimedia.rules) * 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (snort3-file-multimedia.rules) * 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (snort3-netbios.rules) * 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (snort3-exploit-kit.rules) * 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (snort3-protocol-dns.rules) * 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (snort3-malware-backdoor.rules) * 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (snort3-malware-backdoor.rules) * 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (snort3-malware-backdoor.rules) * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (snort3-server-other.rules) * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (snort3-server-other.rules) * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (snort3-server-other.rules) * 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (snort3-file-other.rules) * 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (snort3-indicator-compromise.rules) * 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (snort3-exploit-kit.rules) * 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (snort3-exploit-kit.rules) * 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (snort3-exploit-kit.rules) * 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (snort3-malware-other.rules) * 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (snort3-server-other.rules) * 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (snort3-malware-other.rules) * 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (snort3-malware-other.rules) * 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (snort3-malware-other.rules) * 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (snort3-file-executable.rules) * 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (snort3-server-other.rules) * 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (snort3-os-mobile.rules) * 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (snort3-os-mobile.rules) * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (snort3-protocol-pop.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (snort3-server-other.rules) * 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (snort3-app-detect.rules) * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (snort3-indicator-compromise.rules) * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (snort3-indicator-compromise.rules) * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (snort3-malware-other.rules) * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (snort3-malware-other.rules) * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (snort3-malware-other.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (snort3-protocol-voip.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (snort3-protocol-voip.rules) * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (snort3-protocol-dns.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (snort3-file-flash.rules) * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (snort3-file-flash.rules) * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (snort3-file-other.rules) * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (snort3-file-other.rules) * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (snort3-pua-other.rules) * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (snort3-pua-other.rules) * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (snort3-file-java.rules) * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (snort3-indicator-obfuscation.rules) * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (snort3-os-mobile.rules) * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (snort3-os-mobile.rules) * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (snort3-indicator-obfuscation.rules) * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (snort3-server-other.rules) * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (snort3-server-other.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (snort3-file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (snort3-file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (snort3-file-identify.rules) * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (snort3-file-other.rules) * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (snort3-file-other.rules) * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (snort3-file-other.rules) * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (snort3-file-other.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (snort3-file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (snort3-file-identify.rules) * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (snort3-server-oracle.rules) * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (snort3-server-oracle.rules) * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (snort3-malware-other.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (snort3-protocol-ftp.rules) * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (snort3-browser-other.rules) * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (snort3-browser-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (snort3-file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (snort3-file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (snort3-file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (snort3-file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (snort3-file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (snort3-file-identify.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (snort3-file-identify.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (snort3-file-other.rules) * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (snort3-file-other.rules) * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (snort3-exploit-kit.rules) * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (snort3-indicator-compromise.rules) * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (snort3-malware-backdoor.rules) * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (snort3-indicator-compromise.rules) * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (snort3-malware-other.rules) * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (snort3-malware-other.rules) * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (snort3-server-other.rules) * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (snort3-pua-adware.rules) * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (snort3-os-other.rules) * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (snort3-exploit-kit.rules) * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (snort3-indicator-obfuscation.rules) * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (snort3-indicator-obfuscation.rules) * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (snort3-indicator-compromise.rules) * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (snort3-server-other.rules) * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (snort3-exploit-kit.rules) * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (snort3-protocol-voip.rules) * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (snort3-file-office.rules) * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (snort3-file-other.rules) * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (snort3-malware-backdoor.rules) * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (snort3-malware-backdoor.rules) * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (snort3-indicator-obfuscation.rules) * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (snort3-indicator-obfuscation.rules) * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (snort3-indicator-obfuscation.rules) * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (snort3-indicator-obfuscation.rules) * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (snort3-server-other.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (snort3-file-office.rules) * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (snort3-file-office.rules) * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (snort3-file-office.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (snort3-server-other.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (snort3-server-other.rules) * 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (snort3-file-pdf.rules) * 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (snort3-malware-backdoor.rules) * 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (snort3-browser-webkit.rules) * 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (snort3-browser-firefox.rules) * 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (snort3-malware-other.rules) * 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (snort3-file-pdf.rules) * 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (snort3-malware-other.rules) * 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (snort3-malware-other.rules) * 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (snort3-file-flash.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (snort3-file-flash.rules) * 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (snort3-os-mobile.rules) * 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (snort3-os-mobile.rules) * 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (snort3-file-pdf.rules) * 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (snort3-malware-other.rules) * 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (snort3-file-image.rules) * 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (snort3-file-image.rules) * 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (snort3-file-image.rules) * 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (snort3-os-mobile.rules) * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules) * 1:26755 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (snort3-file-pdf.rules) * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (snort3-server-other.rules) * 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (snort3-os-mobile.rules) * 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (snort3-os-mobile.rules) * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (snort3-server-other.rules) * 1:26772 <-> ENABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (snort3-server-other.rules) * 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (snort3-malware-backdoor.rules) * 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (snort3-malware-other.rules) * 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (snort3-os-mobile.rules) * 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (snort3-indicator-shellcode.rules) * 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (snort3-os-mobile.rules) * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (snort3-malware-other.rules) * 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (snort3-malware-other.rules) * 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (snort3-malware-other.rules) * 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (snort3-exploit-kit.rules) * 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (snort3-file-pdf.rules) * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (snort3-malware-backdoor.rules) * 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (snort3-os-mobile.rules) * 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (snort3-os-mobile.rules) * 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (snort3-file-office.rules) * 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (snort3-exploit-kit.rules) * 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (snort3-malware-backdoor.rules) * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (snort3-malware-other.rules) * 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (snort3-exploit-kit.rules) * 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (snort3-exploit-kit.rules) * 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (snort3-exploit-kit.rules) * 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (snort3-exploit-kit.rules) * 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (snort3-exploit-kit.rules) * 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (snort3-exploit-kit.rules) * 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (snort3-exploit-kit.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (snort3-file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (snort3-file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (snort3-file-identify.rules) * 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (snort3-server-other.rules) * 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (snort3-file-image.rules) * 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (snort3-malware-other.rules) * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules) * 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (snort3-file-other.rules) * 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (snort3-malware-other.rules) * 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (snort3-malware-other.rules) * 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (snort3-os-mobile.rules) * 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (snort3-os-mobile.rules) * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (snort3-exploit-kit.rules) * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (snort3-exploit-kit.rules) * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (snort3-exploit-kit.rules) * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (snort3-exploit-kit.rules) * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (snort3-exploit-kit.rules) * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (snort3-exploit-kit.rules) * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (snort3-exploit-kit.rules) * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (snort3-exploit-kit.rules) * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (snort3-exploit-kit.rules) * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (snort3-exploit-kit.rules) * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (snort3-exploit-kit.rules) * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (snort3-file-flash.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (snort3-file-flash.rules) * 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (snort3-exploit-kit.rules) * 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (snort3-file-other.rules) * 1:27005 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (snort3-exploit-kit.rules) * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (snort3-os-mobile.rules) * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (snort3-malware-other.rules) * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (snort3-malware-other.rules) * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (snort3-exploit-kit.rules) * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (snort3-os-mobile.rules) * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (snort3-os-mobile.rules) * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (snort3-malware-other.rules) * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (snort3-malware-other.rules) * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (snort3-os-mobile.rules) * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (snort3-os-mobile.rules) * 1:27046 <-> DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (snort3-app-detect.rules) * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (snort3-indicator-compromise.rules) * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (snort3-malware-other.rules) * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (snort3-malware-other.rules) * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (snort3-malware-other.rules) * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (snort3-malware-other.rules) * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (snort3-malware-other.rules) * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (snort3-malware-other.rules) * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (snort3-malware-other.rules) * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (snort3-malware-other.rules) * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile device information leakage (snort3-os-mobile.rules) * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (snort3-exploit-kit.rules) * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (snort3-exploit-kit.rules) * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (snort3-exploit-kit.rules) * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (snort3-exploit-kit.rules) * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (snort3-exploit-kit.rules) * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (snort3-exploit-kit.rules) * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (snort3-exploit-kit.rules) * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (snort3-exploit-kit.rules) * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (snort3-file-office.rules) * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (snort3-file-office.rules) * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (snort3-os-mobile.rules) * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (snort3-os-mobile.rules) * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (snort3-file-other.rules) * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (snort3-os-mobile.rules) * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (snort3-os-mobile.rules) * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (snort3-os-mobile.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (snort3-file-multimedia.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (snort3-file-multimedia.rules) * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (snort3-exploit-kit.rules) * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (snort3-exploit-kit.rules) * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (snort3-exploit-kit.rules) * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (snort3-exploit-kit.rules) * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (snort3-malware-other.rules) * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (snort3-os-mobile.rules) * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms message leakage (snort3-os-mobile.rules) * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (snort3-os-mobile.rules) * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (snort3-indicator-obfuscation.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (snort3-server-other.rules) * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (snort3-os-windows.rules) * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (snort3-os-windows.rules) * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (snort3-malware-other.rules) * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (snort3-malware-other.rules) * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (snort3-indicator-compromise.rules) * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (snort3-server-other.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (snort3-server-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (snort3-server-other.rules) * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (snort3-malware-other.rules) * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (snort3-malware-other.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (snort3-server-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (snort3-server-other.rules) * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (snort3-server-other.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (snort3-server-other.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (snort3-server-other.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (snort3-server-other.rules) * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (snort3-exploit-kit.rules) * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (snort3-exploit-kit.rules) * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (snort3-malware-other.rules) * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules) * 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (snort3-indicator-compromise.rules) * 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (snort3-indicator-obfuscation.rules) * 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (snort3-indicator-obfuscation.rules) * 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (snort3-file-flash.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (snort3-file-flash.rules) * 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (snort3-file-flash.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (snort3-file-flash.rules) * 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (snort3-server-other.rules) * 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (snort3-server-other.rules) * 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (snort3-exploit-kit.rules) * 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (snort3-exploit-kit.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (snort3-file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (snort3-file-identify.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (snort3-file-identify.rules) * 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (snort3-file-other.rules) * 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (snort3-file-other.rules) * 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (snort3-file-other.rules) * 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (snort3-file-other.rules) * 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (snort3-file-image.rules) * 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (snort3-file-image.rules) * 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (snort3-file-image.rules) * 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (snort3-file-image.rules) * 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (snort3-file-image.rules) * 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (snort3-file-image.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (snort3-server-mail.rules) * 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (snort3-app-detect.rules) * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (snort3-malware-other.rules) * 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (snort3-app-detect.rules) * 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (snort3-app-detect.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (snort3-file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (snort3-file-identify.rules) * 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (snort3-malware-other.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (snort3-os-mobile.rules) * 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (snort3-malware-other.rules) * 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (snort3-file-image.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (snort3-server-apache.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (snort3-server-apache.rules) * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (snort3-file-other.rules) * 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (snort3-server-other.rules) * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (snort3-server-other.rules) * 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (snort3-indicator-obfuscation.rules) * 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (snort3-malware-other.rules) * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (snort3-malware-other.rules) * 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (snort3-exploit-kit.rules) * 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (snort3-exploit-kit.rules) * 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (snort3-policy-spam.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (snort3-policy-other.rules) * 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (snort3-protocol-icmp.rules) * 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (snort3-protocol-icmp.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (snort3-server-other.rules) * 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (snort3-os-windows.rules) * 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (snort3-app-detect.rules) * 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (snort3-app-detect.rules) * 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (snort3-file-pdf.rules) * 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (snort3-file-pdf.rules) * 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (snort3-file-java.rules) * 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (snort3-file-java.rules) * 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (snort3-app-detect.rules) * 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (snort3-exploit-kit.rules) * 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (snort3-exploit-kit.rules) * 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (snort3-exploit-kit.rules) * 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (snort3-indicator-compromise.rules) * 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (snort3-sql.rules) * 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (snort3-sql.rules) * 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (snort3-os-mobile.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (snort3-indicator-compromise.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (snort3-indicator-compromise.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (snort3-indicator-compromise.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (snort3-indicator-compromise.rules) * 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (snort3-exploit-kit.rules) * 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (snort3-exploit-kit.rules) * 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (snort3-exploit-kit.rules) * 1:27739 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (snort3-exploit-kit.rules) * 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (snort3-file-flash.rules) * 1:27764 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (snort3-file-java.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (snort3-file-java.rules) * 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (snort3-exploit-kit.rules) * 1:27786 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (snort3-file-java.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (snort3-file-java.rules) * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (snort3-exploit-kit.rules) * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (snort3-server-other.rules) * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (snort3-server-other.rules) * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (snort3-file-office.rules) * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (snort3-file-office.rules) * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (snort3-file-office.rules) * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (snort3-file-office.rules) * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (snort3-file-office.rules) * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (snort3-file-office.rules) * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (snort3-file-office.rules) * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (snort3-file-office.rules) * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (snort3-file-office.rules) * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (snort3-file-office.rules) * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (snort3-file-office.rules) * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (snort3-file-office.rules) * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (snort3-file-office.rules) * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (snort3-file-office.rules) * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (snort3-os-windows.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (snort3-server-oracle.rules) * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (snort3-exploit-kit.rules) * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (snort3-exploit-kit.rules) * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (snort3-exploit-kit.rules) * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (snort3-exploit-kit.rules) * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (snort3-exploit-kit.rules) * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (snort3-exploit-kit.rules) * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (snort3-exploit-kit.rules) * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (snort3-exploit-kit.rules) * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (snort3-protocol-voip.rules) * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (snort3-protocol-voip.rules) * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (snort3-protocol-voip.rules) * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (snort3-protocol-voip.rules) * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (snort3-protocol-voip.rules) * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (snort3-protocol-voip.rules) * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (snort3-exploit-kit.rules) * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (snort3-exploit-kit.rules) * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (snort3-exploit-kit.rules) * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (snort3-pua-adware.rules) * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (snort3-pua-adware.rules) * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (snort3-pua-adware.rules) * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (snort3-pua-toolbars.rules) * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (snort3-pua-toolbars.rules) * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (snort3-app-detect.rules) * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (snort3-app-detect.rules) * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (snort3-app-detect.rules) * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (snort3-app-detect.rules) * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (snort3-app-detect.rules) * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (snort3-app-detect.rules) * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (snort3-app-detect.rules) * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (snort3-app-detect.rules) * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (snort3-app-detect.rules) * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (snort3-app-detect.rules) * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (snort3-app-detect.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (snort3-app-detect.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (snort3-app-detect.rules) * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (snort3-exploit-kit.rules) * 1:27936 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (snort3-exploit-kit.rules) * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (snort3-protocol-dns.rules) * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (snort3-malware-other.rules) * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (snort3-malware-other.rules) * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (snort3-malware-other.rules) * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (snort3-malware-other.rules) * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (snort3-malware-other.rules) * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (snort3-malware-other.rules) * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (snort3-app-detect.rules) * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (snort3-app-detect.rules) * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (snort3-app-detect.rules) * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (snort3-app-detect.rules) * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (snort3-app-detect.rules) * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (snort3-app-detect.rules) * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (snort3-app-detect.rules) * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (snort3-app-detect.rules) * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (snort3-app-detect.rules) * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (snort3-app-detect.rules) * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain ziyouforever.com (snort3-app-detect.rules) * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (snort3-app-detect.rules) * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (snort3-app-detect.rules) * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (snort3-app-detect.rules) * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (snort3-app-detect.rules) * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (snort3-app-detect.rules) * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (snort3-app-detect.rules) * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (snort3-app-detect.rules) * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (snort3-app-detect.rules) * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (snort3-app-detect.rules) * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (snort3-indicator-scan.rules) * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (snort3-indicator-scan.rules) * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (snort3-malware-other.rules) * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (snort3-exploit-kit.rules) * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (snort3-exploit-kit.rules) * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (snort3-exploit-kit.rules) * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (snort3-exploit-kit.rules) * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (snort3-exploit-kit.rules) * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (snort3-exploit-kit.rules) * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (snort3-exploit-kit.rules) * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (snort3-exploit-kit.rules) * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (snort3-exploit-kit.rules) * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (snort3-exploit-kit.rules) * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (snort3-exploit-kit.rules) * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (snort3-os-mobile.rules) * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (snort3-os-mobile.rules) * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (snort3-malware-other.rules) * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (snort3-os-mobile.rules) * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (snort3-os-mobile.rules) * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (snort3-os-mobile.rules) * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (snort3-app-detect.rules) * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (snort3-app-detect.rules) * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (snort3-app-detect.rules) * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (snort3-app-detect.rules) * 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (snort3-os-mobile.rules) * 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (snort3-os-mobile.rules) * 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (snort3-os-mobile.rules) * 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (snort3-os-mobile.rules) * 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (snort3-policy-social.rules) * 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (snort3-policy-social.rules) * 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (snort3-policy-social.rules) * 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (snort3-server-other.rules) * 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (snort3-server-other.rules) * 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (snort3-server-other.rules) * 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (snort3-server-other.rules) * 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (snort3-server-other.rules) * 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (snort3-file-office.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (snort3-file-office.rules) * 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (snort3-exploit-kit.rules) * 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (snort3-pua-adware.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (snort3-server-other.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (snort3-server-other.rules) * 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (snort3-pua-adware.rules) * 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (snort3-file-other.rules) * 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (snort3-file-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (snort3-protocol-voip.rules) * 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (snort3-indicator-compromise.rules) * 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (snort3-exploit-kit.rules) * 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (snort3-exploit-kit.rules) * 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (snort3-server-other.rules) * 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (snort3-file-other.rules) * 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (snort3-file-other.rules) * 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (snort3-file-office.rules) * 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (snort3-file-office.rules) * 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (snort3-exploit-kit.rules) * 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (snort3-exploit-kit.rules) * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (snort3-exploit-kit.rules) * 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (snort3-app-detect.rules) * 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (snort3-app-detect.rules) * 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (snort3-exploit-kit.rules) * 1:28265 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (snort3-exploit-kit.rules) * 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (snort3-pua-adware.rules) * 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (snort3-pua-adware.rules) * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (snort3-file-other.rules) * 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (snort3-exploit-kit.rules) * 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (snort3-protocol-icmp.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (snort3-indicator-scan.rules) * 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (snort3-exploit-kit.rules) * 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (snort3-exploit-kit.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (snort3-pua-adware.rules) * 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (snort3-indicator-obfuscation.rules) * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (snort3-malware-other.rules) * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (snort3-malware-other.rules) * 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (snort3-malware-other.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (snort3-file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (snort3-file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (snort3-file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (snort3-file-identify.rules) * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (snort3-pua-adware.rules) * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (snort3-pua-adware.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (snort3-file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (snort3-file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (snort3-file-identify.rules) * 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (snort3-os-windows.rules) * 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (snort3-os-windows.rules) * 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (snort3-file-office.rules) * 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (snort3-file-office.rules) * 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (snort3-server-other.rules) * 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (snort3-exploit-kit.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (snort3-os-windows.rules) * 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (snort3-exploit-kit.rules) * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (snort3-malware-other.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (snort3-file-identify.rules) * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (snort3-file-other.rules) * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (snort3-file-other.rules) * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (snort3-file-other.rules) * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (snort3-file-other.rules) * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (snort3-pua-toolbars.rules) * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (snort3-pua-adware.rules) * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (snort3-malware-tools.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules) * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (snort3-file-office.rules) * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (snort3-file-office.rules) * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (snort3-file-office.rules) * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (snort3-file-office.rules) * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (snort3-file-office.rules) * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port (snort3-indicator-scan.rules) * 1:28555 <-> DISABLED <-> MALWARE-OTHER SQL Slammer worm propagation attempt inbound (snort3-malware-other.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (snort3-file-flash.rules) * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (snort3-file-flash.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (snort3-file-flash.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (snort3-file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (snort3-file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (snort3-file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (snort3-file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (snort3-file-identify.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (snort3-file-other.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (snort3-file-other.rules) * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (snort3-file-pdf.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (snort3-file-pdf.rules) * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (snort3-file-flash.rules) * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (snort3-file-flash.rules) * 1:28589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (snort3-file-flash.rules) * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (snort3-file-flash.rules) * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (snort3-file-pdf.rules) * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (snort3-file-pdf.rules) * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (snort3-exploit-kit.rules) * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (snort3-exploit-kit.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (snort3-file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (snort3-file-pdf.rules) * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (snort3-file-pdf.rules) * 1:28601 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (snort3-file-pdf.rules) * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (snort3-file-pdf.rules) * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (snort3-file-pdf.rules) * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (snort3-exploit-kit.rules) * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (snort3-exploit-kit.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (snort3-exploit-kit.rules) * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (snort3-file-pdf.rules) * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (snort3-file-pdf.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (snort3-exploit-kit.rules) * 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (snort3-exploit-kit.rules) * 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (snort3-exploit-kit.rules) * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (snort3-file-other.rules) * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (snort3-file-other.rules) * 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (snort3-server-other.rules) * 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (snort3-server-other.rules) * 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (snort3-server-other.rules) * 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (snort3-server-other.rules) * 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (snort3-server-other.rules) * 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (snort3-server-other.rules) * 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (snort3-server-other.rules) * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (snort3-malware-other.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (snort3-malware-other.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (snort3-pua-adware.rules) * 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (snort3-pua-adware.rules) * 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (snort3-pua-adware.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (snort3-file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (snort3-file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (snort3-file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (snort3-file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (snort3-file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (snort3-file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (snort3-file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (snort3-file-identify.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (snort3-server-other.rules) * 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (snort3-malware-backdoor.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (snort3-protocol-scada.rules) * 1:28926 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (snort3-file-java.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (snort3-file-java.rules) * 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (snort3-pua-adware.rules) * 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (snort3-pua-adware.rules) * 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (snort3-pua-adware.rules) * 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (snort3-indicator-compromise.rules) * 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (snort3-exploit-kit.rules) * 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (snort3-exploit-kit.rules) * 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (snort3-exploit-kit.rules) * 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (snort3-file-other.rules) * 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (snort3-file-other.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (snort3-protocol-voip.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (snort3-os-linux.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (snort3-os-linux.rules) * 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (snort3-exploit-kit.rules) * 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (snort3-exploit-kit.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (snort3-file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (snort3-file-identify.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (snort3-file-identify.rules) * 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (snort3-file-other.rules) * 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (snort3-file-other.rules) * 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (snort3-malware-other.rules) * 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (snort3-malware-other.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (snort3-os-windows.rules) * 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (snort3-malware-other.rules) * 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (snort3-malware-other.rules) * 1:29025 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (snort3-malware-other.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (snort3-server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (snort3-server-mssql.rules) * 1:29047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29051 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Descrantol variant data exfiltration attempt (snort3-malware-backdoor.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (snort3-file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (snort3-file-pdf.rules) * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (snort3-malware-backdoor.rules) * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (snort3-malware-tools.rules) * 1:29124 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.InstallMonster variant outbound connection (snort3-malware-other.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (snort3-file-identify.rules) * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (snort3-exploit-kit.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (snort3-exploit-kit.rules) * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (snort3-exploit-kit.rules) * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (snort3-protocol-scada.rules) * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (snort3-protocol-scada.rules) * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (snort3-protocol-scada.rules) * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (snort3-protocol-scada.rules) * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (snort3-protocol-scada.rules) * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (snort3-protocol-scada.rules) * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (snort3-protocol-scada.rules) * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (snort3-protocol-scada.rules) * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (snort3-protocol-scada.rules) * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (snort3-protocol-scada.rules) * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (snort3-protocol-scada.rules) * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (snort3-protocol-scada.rules) * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (snort3-protocol-scada.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (snort3-file-java.rules) * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (snort3-file-java.rules) * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (snort3-file-java.rules) * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (snort3-file-java.rules) * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (snort3-server-other.rules) * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (snort3-file-java.rules) * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (snort3-file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (snort3-file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (snort3-file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (snort3-file-identify.rules) * 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (snort3-file-flash.rules) * 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (snort3-file-flash.rules) * 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (snort3-file-flash.rules) * 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (snort3-file-flash.rules) * 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (snort3-file-flash.rules) * 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (snort3-file-flash.rules) * 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (snort3-file-flash.rules) * 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (snort3-protocol-scada.rules) * 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (snort3-protocol-scada.rules) * 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (snort3-protocol-scada.rules) * 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (snort3-protocol-scada.rules) * 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (snort3-protocol-scada.rules) * 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (snort3-protocol-scada.rules) * 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (snort3-app-detect.rules) * 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (snort3-app-detect.rules) * 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (snort3-app-detect.rules) * 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (snort3-app-detect.rules) * 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (snort3-pua-p2p.rules) * 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (snort3-exploit-kit.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (snort3-server-other.rules) * 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (snort3-malware-other.rules) * 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (snort3-app-detect.rules) * 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (snort3-app-detect.rules) * 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (snort3-app-detect.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (snort3-file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (snort3-file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (snort3-file-identify.rules) * 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (snort3-server-other.rules) * 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (snort3-policy-spam.rules) * 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (snort3-policy-spam.rules) * 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (snort3-policy-spam.rules) * 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (snort3-policy-spam.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (snort3-file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (snort3-file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (snort3-file-identify.rules) * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (snort3-exploit-kit.rules) * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (snort3-exploit-kit.rules) * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (snort3-os-mobile.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (snort3-os-mobile.rules) * 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (snort3-file-image.rules) * 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (snort3-os-mobile.rules) * 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (snort3-os-mobile.rules) * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (snort3-exploit-kit.rules) * 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (snort3-exploit-kit.rules) * 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (snort3-protocol-icmp.rules) * 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (snort3-protocol-icmp.rules) * 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (snort3-protocol-icmp.rules) * 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (snort3-protocol-icmp.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (snort3-file-java.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (snort3-file-java.rules) * 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (snort3-pua-adware.rules) * 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (snort3-pua-adware.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (snort3-os-windows.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (snort3-protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (snort3-server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (snort3-server-other.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (snort3-protocol-scada.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (snort3-file-multimedia.rules) * 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (snort3-file-flash.rules) * 1:29552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (snort3-file-flash.rules) * 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (snort3-file-flash.rules) * 1:29554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (snort3-file-flash.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules) * 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (snort3-server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (snort3-server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (snort3-server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (snort3-server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (snort3-server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (snort3-server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (snort3-server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (snort3-server-other.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules) * 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (snort3-os-other.rules) * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (snort3-server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (snort3-server-other.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (snort3-file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (snort3-file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (snort3-file-identify.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (snort3-malware-other.rules) * 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (snort3-malware-other.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (snort3-malware-other.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (snort3-malware-other.rules) * 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (snort3-file-other.rules) * 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (snort3-file-other.rules) * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (snort3-file-pdf.rules) * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (snort3-server-iis.rules) * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (snort3-file-office.rules) * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (snort3-file-office.rules) * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (snort3-file-office.rules) * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (snort3-file-office.rules) * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (snort3-indicator-obfuscation.rules) * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (snort3-browser-chrome.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (snort3-server-other.rules) * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (snort3-server-other.rules) * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (snort3-server-other.rules) * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (snort3-server-other.rules) * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (snort3-file-other.rules) * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (snort3-indicator-obfuscation.rules) * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (snort3-browser-webkit.rules) * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (snort3-browser-webkit.rules) * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (snort3-browser-webkit.rules) * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (snort3-browser-webkit.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (snort3-os-windows.rules) * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (snort3-file-flash.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (snort3-file-flash.rules) * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (snort3-exploit-kit.rules) * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (snort3-server-iis.rules) * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (snort3-server-oracle.rules) * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (snort3-malware-backdoor.rules) * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (snort3-file-other.rules) * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (snort3-file-other.rules) * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (snort3-server-apache.rules) * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (snort3-file-pdf.rules) * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (snort3-file-pdf.rules) * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (snort3-file-pdf.rules) * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (snort3-file-pdf.rules) * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (snort3-malware-other.rules) * 1:29926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (snort3-file-flash.rules) * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (snort3-file-flash.rules) * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (snort3-file-flash.rules) * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (snort3-file-flash.rules) * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (snort3-file-flash.rules) * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (snort3-protocol-dns.rules) * 1:29938 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (snort3-server-other.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (snort3-server-other.rules) * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (snort3-server-other.rules) * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (snort3-server-other.rules) * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (snort3-server-other.rules) * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (snort3-protocol-scada.rules) * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (snort3-server-other.rules) * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (snort3-protocol-scada.rules) * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (snort3-protocol-scada.rules) * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (snort3-protocol-scada.rules) * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (snort3-protocol-scada.rules) * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (snort3-protocol-scada.rules) * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (snort3-protocol-scada.rules) * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (snort3-server-other.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (snort3-server-other.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (snort3-server-other.rules) * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (snort3-file-java.rules) * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (snort3-file-java.rules) * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (snort3-file-java.rules) * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (snort3-file-java.rules) * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (snort3-pua-adware.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (snort3-malware-backdoor.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (snort3-server-apache.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (snort3-file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (snort3-file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (snort3-file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (snort3-file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (snort3-file-identify.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (snort3-server-other.rules) * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (snort3-pua-toolbars.rules) * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (snort3-malware-other.rules) * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (snort3-malware-other.rules) * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (snort3-malware-other.rules) * 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (snort3-exploit-kit.rules) * 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (snort3-exploit-kit.rules) * 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (snort3-malware-other.rules) * 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (snort3-malware-other.rules) * 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (snort3-file-flash.rules) * 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (snort3-file-flash.rules) * 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (snort3-file-flash.rules) * 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (snort3-file-flash.rules) * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (snort3-app-detect.rules) * 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (snort3-server-mail.rules) * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (snort3-server-other.rules) * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (snort3-server-other.rules) * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (snort3-server-other.rules) * 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (snort3-file-image.rules) * 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (snort3-file-image.rules) * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (snort3-file-multimedia.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules) * 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules) * 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (snort3-indicator-shellcode.rules) * 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (snort3-indicator-shellcode.rules) * 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (snort3-indicator-shellcode.rules) * 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (snort3-indicator-shellcode.rules) * 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (snort3-indicator-shellcode.rules) * 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (snort3-indicator-shellcode.rules) * 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (snort3-indicator-shellcode.rules) * 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (snort3-indicator-shellcode.rules) * 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (snort3-indicator-shellcode.rules) * 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (snort3-file-pdf.rules) * 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (snort3-pua-adware.rules) * 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (snort3-pua-adware.rules) * 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (snort3-file-other.rules) * 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (snort3-file-other.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (snort3-file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (snort3-file-office.rules) * 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (snort3-file-office.rules) * 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (snort3-file-office.rules) * 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (snort3-file-office.rules) * 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (snort3-file-office.rules) * 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (snort3-file-office.rules) * 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (snort3-browser-chrome.rules) * 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (snort3-app-detect.rules) * 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (snort3-app-detect.rules) * 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (snort3-pua-adware.rules) * 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (snort3-pua-adware.rules) * 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (snort3-malware-other.rules) * 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (snort3-malware-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (snort3-policy-other.rules) * 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (snort3-exploit-kit.rules) * 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (snort3-exploit-kit.rules) * 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (snort3-exploit-kit.rules) * 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (snort3-exploit-kit.rules) * 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (snort3-malware-other.rules) * 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (snort3-malware-other.rules) * 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (snort3-os-linux.rules) * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (snort3-server-other.rules) * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (snort3-server-other.rules) * 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (snort3-server-other.rules) * 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (snort3-server-other.rules) * 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (snort3-server-other.rules) * 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (snort3-file-flash.rules) * 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (snort3-file-flash.rules) * 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (snort3-file-flash.rules) * 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (snort3-indicator-shellcode.rules) * 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (snort3-indicator-shellcode.rules) * 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (snort3-indicator-shellcode.rules) * 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (snort3-indicator-shellcode.rules) * 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (snort3-indicator-shellcode.rules) * 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (snort3-indicator-shellcode.rules) * 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (snort3-indicator-shellcode.rules) * 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (snort3-indicator-shellcode.rules) * 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (snort3-indicator-shellcode.rules) * 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (snort3-indicator-shellcode.rules) * 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (snort3-indicator-shellcode.rules) * 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (snort3-indicator-shellcode.rules) * 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (snort3-indicator-shellcode.rules) * 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (snort3-indicator-shellcode.rules) * 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (snort3-indicator-shellcode.rules) * 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (snort3-indicator-shellcode.rules) * 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (snort3-indicator-shellcode.rules) * 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (snort3-indicator-shellcode.rules) * 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (snort3-indicator-shellcode.rules) * 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (snort3-indicator-shellcode.rules) * 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (snort3-indicator-shellcode.rules) * 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (snort3-indicator-shellcode.rules) * 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (snort3-indicator-shellcode.rules) * 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (snort3-indicator-shellcode.rules) * 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (snort3-indicator-shellcode.rules) * 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (snort3-indicator-shellcode.rules) * 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (snort3-indicator-shellcode.rules) * 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (snort3-indicator-shellcode.rules) * 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (snort3-indicator-shellcode.rules) * 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (snort3-indicator-shellcode.rules) * 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (snort3-indicator-shellcode.rules) * 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (snort3-indicator-shellcode.rules) * 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (snort3-indicator-shellcode.rules) * 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (snort3-indicator-shellcode.rules) * 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (snort3-indicator-shellcode.rules) * 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (snort3-indicator-shellcode.rules) * 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (snort3-indicator-shellcode.rules) * 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (snort3-indicator-shellcode.rules) * 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (snort3-indicator-shellcode.rules) * 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (snort3-indicator-shellcode.rules) * 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (snort3-indicator-shellcode.rules) * 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (snort3-indicator-shellcode.rules) * 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (snort3-indicator-shellcode.rules) * 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (snort3-indicator-shellcode.rules) * 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (snort3-indicator-shellcode.rules) * 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (snort3-indicator-shellcode.rules) * 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (snort3-indicator-shellcode.rules) * 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (snort3-indicator-shellcode.rules) * 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (snort3-indicator-shellcode.rules) * 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (snort3-indicator-shellcode.rules) * 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (snort3-indicator-shellcode.rules) * 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (snort3-indicator-shellcode.rules) * 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (snort3-indicator-shellcode.rules) * 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (snort3-indicator-shellcode.rules) * 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (snort3-indicator-shellcode.rules) * 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (snort3-indicator-shellcode.rules) * 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (snort3-indicator-shellcode.rules) * 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (snort3-indicator-shellcode.rules) * 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (snort3-indicator-shellcode.rules) * 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (snort3-indicator-shellcode.rules) * 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (snort3-indicator-shellcode.rules) * 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (snort3-indicator-shellcode.rules) * 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (snort3-indicator-shellcode.rules) * 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (snort3-indicator-shellcode.rules) * 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (snort3-indicator-shellcode.rules) * 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (snort3-indicator-shellcode.rules) * 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (snort3-indicator-shellcode.rules) * 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (snort3-indicator-shellcode.rules) * 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (snort3-indicator-shellcode.rules) * 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (snort3-indicator-shellcode.rules) * 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (snort3-indicator-shellcode.rules) * 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (snort3-indicator-shellcode.rules) * 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (snort3-indicator-shellcode.rules) * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (snort3-indicator-shellcode.rules) * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (snort3-indicator-shellcode.rules) * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (snort3-indicator-shellcode.rules) * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (snort3-indicator-shellcode.rules) * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (snort3-indicator-shellcode.rules) * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (snort3-indicator-shellcode.rules) * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (snort3-indicator-shellcode.rules) * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (snort3-indicator-shellcode.rules) * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (snort3-indicator-shellcode.rules) * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (snort3-indicator-shellcode.rules) * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (snort3-indicator-shellcode.rules) * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (snort3-indicator-shellcode.rules) * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (snort3-indicator-shellcode.rules) * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (snort3-indicator-shellcode.rules) * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (snort3-indicator-shellcode.rules) * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (snort3-indicator-shellcode.rules) * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (snort3-indicator-shellcode.rules) * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (snort3-indicator-shellcode.rules) * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (snort3-indicator-shellcode.rules) * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (snort3-browser-firefox.rules) * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (snort3-browser-firefox.rules) * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (snort3-server-other.rules) * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join heap overflow attempt (snort3-server-other.rules) * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (snort3-server-other.rules) * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (snort3-pua-adware.rules) * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (snort3-pua-adware.rules) * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (snort3-pua-adware.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (snort3-server-other.rules) * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (snort3-server-other.rules) * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (snort3-server-other.rules) * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (snort3-server-other.rules) * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (snort3-server-other.rules) * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (snort3-file-multimedia.rules) * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (snort3-file-multimedia.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (snort3-file-multimedia.rules) * 1:30535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (snort3-file-flash.rules) * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (snort3-file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (snort3-file-flash.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (snort3-file-flash.rules) * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (snort3-file-flash.rules) * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (snort3-file-flash.rules) * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (snort3-server-other.rules) * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (snort3-file-multimedia.rules) * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (snort3-file-multimedia.rules) * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (snort3-malware-other.rules) * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (snort3-malware-other.rules) * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (snort3-malware-other.rules) * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (snort3-server-other.rules) * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (snort3-file-identify.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (snort3-file-identify.rules) * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules) * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules) * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules) * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules) * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (snort3-pua-toolbars.rules) * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (snort3-exploit-kit.rules) * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (snort3-file-pdf.rules) * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (snort3-file-pdf.rules) * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30781 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30787 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30788 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (snort3-server-other.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (snort3-server-apache.rules) * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (snort3-server-apache.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (snort3-server-apache.rules) * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (snort3-server-apache.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (snort3-protocol-scada.rules) * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (snort3-protocol-scada.rules) * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (snort3-protocol-scada.rules) * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (snort3-protocol-scada.rules) * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (snort3-protocol-scada.rules) * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (snort3-protocol-scada.rules) * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (snort3-protocol-scada.rules) * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (snort3-protocol-scada.rules) * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (snort3-protocol-scada.rules) * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (snort3-file-flash.rules) * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (snort3-file-flash.rules) * 1:30845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (snort3-file-flash.rules) * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (snort3-file-flash.rules) * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (snort3-exploit-kit.rules) * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (snort3-app-detect.rules) * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (snort3-app-detect.rules) * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (snort3-app-detect.rules) * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (snort3-app-detect.rules) * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (snort3-app-detect.rules) * 1:30858 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (snort3-app-detect.rules) * 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (snort3-app-detect.rules) * 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (snort3-app-detect.rules) * 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (snort3-app-detect.rules) * 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (snort3-app-detect.rules) * 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (snort3-app-detect.rules) * 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (snort3-app-detect.rules) * 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (snort3-app-detect.rules) * 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (snort3-app-detect.rules) * 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (snort3-app-detect.rules) * 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (snort3-app-detect.rules) * 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (snort3-app-detect.rules) * 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (snort3-app-detect.rules) * 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (snort3-app-detect.rules) * 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (snort3-app-detect.rules) * 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (snort3-app-detect.rules) * 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (snort3-app-detect.rules) * 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (snort3-app-detect.rules) * 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (snort3-exploit-kit.rules) * 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (snort3-file-other.rules) * 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (snort3-file-other.rules) * 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (snort3-file-other.rules) * 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (snort3-exploit-kit.rules) * 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (snort3-pua-adware.rules) * 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (snort3-pua-adware.rules) * 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (snort3-exploit-kit.rules) * 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (snort3-file-executable.rules) * 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (snort3-file-executable.rules) * 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (snort3-malware-other.rules) * 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (snort3-malware-backdoor.rules) * 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (snort3-server-mail.rules) * 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (snort3-exploit-kit.rules) * 1:30965 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (snort3-exploit-kit.rules) * 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (snort3-exploit-kit.rules) * 1:30967 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (snort3-exploit-kit.rules) * 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (snort3-exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (snort3-exploit-kit.rules) * 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (snort3-exploit-kit.rules) * 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (snort3-exploit-kit.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (snort3-exploit-kit.rules) * 1:30975 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (snort3-exploit-kit.rules) * 1:30976 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (snort3-exploit-kit.rules) * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (snort3-file-other.rules) * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (snort3-file-other.rules) * 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (snort3-indicator-compromise.rules) * 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (snort3-indicator-compromise.rules) * 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (snort3-file-pdf.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (snort3-file-pdf.rules) * 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (snort3-file-pdf.rules) * 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (snort3-file-pdf.rules) * 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (snort3-server-other.rules) * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (snort3-file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (snort3-file-pdf.rules) * 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (snort3-pua-adware.rules) * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (snort3-file-pdf.rules) * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (snort3-file-pdf.rules) * 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (snort3-file-flash.rules) * 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (snort3-file-flash.rules) * 1:31025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (snort3-file-flash.rules) * 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (snort3-file-flash.rules) * 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (snort3-protocol-scada.rules) * 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (snort3-file-image.rules) * 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (snort3-file-image.rules) * 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (snort3-file-image.rules) * 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (snort3-file-image.rules) * 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (snort3-pua-adware.rules) * 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (snort3-server-other.rules) * 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (snort3-pua-adware.rules) * 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (snort3-pua-adware.rules) * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (snort3-protocol-snmp.rules) * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (snort3-protocol-snmp.rules) * 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (snort3-pua-toolbars.rules) * 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (snort3-pua-toolbars.rules) * 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (snort3-pua-toolbars.rules) * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (snort3-server-other.rules) * 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (snort3-file-other.rules) * 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (snort3-file-other.rules) * 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (snort3-file-other.rules) * 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (snort3-file-other.rules) * 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (snort3-pua-adware.rules) * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (snort3-pua-adware.rules) * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (snort3-protocol-snmp.rules) * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (snort3-protocol-snmp.rules) * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (snort3-server-other.rules) * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (snort3-server-other.rules) * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (snort3-file-office.rules) * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (snort3-file-office.rules) * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (snort3-file-office.rules) * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (snort3-protocol-ftp.rules) * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (snort3-pua-adware.rules) * 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (snort3-server-other.rules) * 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (snort3-pua-adware.rules) * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (snort3-pua-adware.rules) * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (snort3-server-other.rules) * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (snort3-server-other.rules) * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (snort3-server-other.rules) * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (snort3-server-other.rules) * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (snort3-server-other.rules) * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (snort3-server-other.rules) * 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (snort3-malware-other.rules) * 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (snort3-malware-other.rules) * 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (snort3-indicator-compromise.rules) * 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (snort3-indicator-compromise.rules) * 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (snort3-os-windows.rules) * 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (snort3-exploit-kit.rules) * 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (snort3-exploit-kit.rules) * 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (snort3-exploit-kit.rules) * 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (snort3-exploit-kit.rules) * 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (snort3-file-flash.rules) * 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (snort3-file-flash.rules) * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (snort3-exploit-kit.rules) * 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (snort3-file-flash.rules) * 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (snort3-file-flash.rules) * 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (snort3-file-pdf.rules) * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (snort3-file-pdf.rules) * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (snort3-exploit-kit.rules) * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (snort3-pua-adware.rules) * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (snort3-malware-other.rules) * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (snort3-server-other.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (snort3-server-other.rules) * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (snort3-file-flash.rules) * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (snort3-exploit-kit.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (snort3-file-multimedia.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (snort3-file-office.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (snort3-file-office.rules) * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (snort3-file-flash.rules) * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (snort3-file-flash.rules) * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (snort3-file-flash.rules) * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (snort3-file-flash.rules) * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (snort3-file-flash.rules) * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (snort3-file-flash.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (snort3-policy-other.rules) * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (snort3-server-apache.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (snort3-file-office.rules) * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (snort3-file-office.rules) * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (snort3-exploit-kit.rules) * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (snort3-server-other.rules) * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (snort3-malware-other.rules) * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (snort3-malware-other.rules) * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (snort3-file-flash.rules) * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (snort3-file-flash.rules) * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (snort3-file-flash.rules) * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (snort3-file-flash.rules) * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (snort3-file-flash.rules) * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (snort3-file-flash.rules) * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (snort3-malware-other.rules) * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (snort3-file-java.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (snort3-file-java.rules) * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (snort3-browser-firefox.rules) * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (snort3-app-detect.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (snort3-file-flash.rules) * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (snort3-file-flash.rules) * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (snort3-file-flash.rules) * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (snort3-file-flash.rules) * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (snort3-file-flash.rules) * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (snort3-file-flash.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (snort3-file-pdf.rules) * 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (snort3-malware-backdoor.rules) * 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (snort3-malware-backdoor.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (snort3-server-mysql.rules) * 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (snort3-file-image.rules) * 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (snort3-file-image.rules) * 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (snort3-file-image.rules) * 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (snort3-file-image.rules) * 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (snort3-file-image.rules) * 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (snort3-file-image.rules) * 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (snort3-protocol-snmp.rules) * 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (snort3-protocol-snmp.rules) * 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (snort3-file-office.rules) * 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (snort3-file-pdf.rules) * 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (snort3-protocol-services.rules) * 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (snort3-protocol-services.rules) * 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (snort3-browser-chrome.rules) * 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (snort3-browser-chrome.rules) * 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (snort3-browser-chrome.rules) * 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (snort3-browser-chrome.rules) * 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (snort3-browser-chrome.rules) * 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (snort3-browser-chrome.rules) * 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (snort3-file-pdf.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (snort3-file-pdf.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (snort3-policy-other.rules) * 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (snort3-file-other.rules) * 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (snort3-file-other.rules) * 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (snort3-file-flash.rules) * 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules) * 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (snort3-file-flash.rules) * 1:31678 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (snort3-file-flash.rules) * 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (snort3-file-flash.rules) * 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (snort3-file-flash.rules) * 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (snort3-file-flash.rules) * 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (snort3-exploit-kit.rules) * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (snort3-file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (snort3-file-identify.rules) * 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (snort3-server-other.rules) * 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (snort3-server-other.rules) * 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (snort3-server-other.rules) * 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (snort3-file-image.rules) * 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (snort3-file-flash.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (snort3-file-flash.rules) * 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (snort3-file-flash.rules) * 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (snort3-file-flash.rules) * 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (snort3-server-other.rules) * 1:31732 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (snort3-file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (snort3-file-flash.rules) * 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (snort3-exploit-kit.rules) * 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (snort3-file-flash.rules) * 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (snort3-file-flash.rules) * 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (snort3-server-other.rules) * 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (snort3-malware-backdoor.rules) * 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (snort3-file-flash.rules) * 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (snort3-file-flash.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (snort3-server-other.rules) * 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (snort3-server-other.rules) * 1:31769 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (snort3-exploit-kit.rules) * 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (snort3-exploit-kit.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (snort3-file-identify.rules) * 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (snort3-malware-other.rules) * 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (snort3-file-other.rules) * 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (snort3-file-other.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (snort3-policy-other.rules) * 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (snort3-file-flash.rules) * 1:31840 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (snort3-file-flash.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (snort3-file-flash.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (snort3-file-flash.rules) * 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (snort3-file-flash.rules) * 1:31848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (snort3-file-flash.rules) * 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (snort3-file-flash.rules) * 1:31850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (snort3-file-flash.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (snort3-exploit-kit.rules) * 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (snort3-exploit-kit.rules) * 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (snort3-exploit-kit.rules) * 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (snort3-server-other.rules) * 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (snort3-file-flash.rules) * 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (snort3-file-flash.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (snort3-file-identify.rules) * 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (snort3-exploit-kit.rules) * 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (snort3-exploit-kit.rules) * 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (snort3-exploit-kit.rules) * 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (snort3-exploit-kit.rules) * 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (snort3-exploit-kit.rules) * 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (snort3-exploit-kit.rules) * 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (snort3-exploit-kit.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (snort3-file-other.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (snort3-file-other.rules) * 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (snort3-exploit-kit.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (snort3-malware-backdoor.rules) * 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (snort3-malware-backdoor.rules) * 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (snort3-malware-other.rules) * 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (snort3-file-pdf.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (snort3-file-pdf.rules) * 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (snort3-file-flash.rules) * 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (snort3-file-flash.rules) * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (snort3-file-flash.rules) * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (snort3-file-flash.rules) * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (snort3-browser-other.rules) * 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (snort3-os-other.rules) * 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (snort3-os-other.rules) * 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (snort3-os-other.rules) * 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (snort3-os-other.rules) * 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (snort3-malware-backdoor.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (snort3-policy-other.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (snort3-server-other.rules) * 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (snort3-file-flash.rules) * 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (snort3-malware-backdoor.rules) * 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (snort3-malware-backdoor.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (snort3-file-other.rules) * 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (snort3-file-other.rules) * 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (snort3-file-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (snort3-policy-other.rules) * 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (snort3-file-other.rules) * 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (snort3-file-other.rules) * 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (snort3-pua-adware.rules) * 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (snort3-pua-adware.rules) * 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (snort3-pua-adware.rules) * 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (snort3-pua-adware.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (snort3-file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (snort3-file-identify.rules) * 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (snort3-os-windows.rules) * 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (snort3-os-windows.rules) * 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (snort3-os-windows.rules) * 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (snort3-os-windows.rules) * 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (snort3-os-windows.rules) * 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (snort3-os-windows.rules) * 1:32147 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (snort3-file-office.rules) * 1:32148 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (snort3-file-office.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (snort3-file-identify.rules) * 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (snort3-file-other.rules) * 1:32167 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (snort3-file-other.rules) * 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (snort3-file-pdf.rules) * 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (snort3-file-pdf.rules) * 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (snort3-os-windows.rules) * 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (snort3-os-windows.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (snort3-server-other.rules) * 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (snort3-file-flash.rules) * 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (snort3-file-flash.rules) * 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (snort3-file-flash.rules) * 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (snort3-file-flash.rules) * 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (snort3-server-other.rules) * 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (snort3-browser-firefox.rules) * 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (snort3-malware-backdoor.rules) * 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (snort3-malware-backdoor.rules) * 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (snort3-malware-backdoor.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (snort3-file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (snort3-file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (snort3-file-identify.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (snort3-malware-other.rules) * 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (snort3-os-mobile.rules) * 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (snort3-os-mobile.rules) * 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (snort3-server-other.rules) * 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (snort3-file-flash.rules) * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (snort3-browser-chrome.rules) * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (snort3-browser-chrome.rules) * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (snort3-server-other.rules) * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (snort3-server-other.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (snort3-file-pdf.rules) * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (snort3-pua-adware.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (snort3-server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (snort3-server-other.rules) * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (snort3-file-pdf.rules) * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (snort3-file-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (snort3-protocol-icmp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (snort3-server-other.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (snort3-server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (snort3-file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (snort3-file-identify.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (snort3-server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (snort3-server-other.rules) * 1:32387 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (snort3-exploit-kit.rules) * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (snort3-exploit-kit.rules) * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (snort3-exploit-kit.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (snort3-os-windows.rules) * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32416 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (snort3-os-windows.rules) * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (snort3-os-windows.rules) * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (snort3-os-windows.rules) * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (snort3-os-windows.rules) * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (snort3-os-windows.rules) * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (snort3-file-office.rules) * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (snort3-file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (snort3-file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (snort3-file-office.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (snort3-file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (snort3-file-office.rules) * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (snort3-server-other.rules) * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (snort3-server-other.rules) * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (snort3-server-other.rules) * 1:32468 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (snort3-server-other.rules) * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (snort3-os-windows.rules) * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (snort3-os-windows.rules) * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (snort3-file-office.rules) * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (snort3-file-office.rules) * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (snort3-os-windows.rules) * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (snort3-os-windows.rules) * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (snort3-file-other.rules) * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (snort3-file-other.rules) * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (snort3-file-other.rules) * 1:32502 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (snort3-file-other.rules) * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (snort3-file-office.rules) * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (snort3-file-office.rules) * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (snort3-file-office.rules) * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (snort3-file-office.rules) * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (snort3-file-other.rules) * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (snort3-file-other.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (snort3-browser-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (snort3-policy-other.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (snort3-server-mysql.rules) * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (snort3-file-flash.rules) * 1:32535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (snort3-file-flash.rules) * 1:32536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (snort3-file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (snort3-file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (snort3-file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (snort3-file-flash.rules) * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (snort3-file-flash.rules) * 1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (snort3-file-flash.rules) * 1:32542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (snort3-file-flash.rules) * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (snort3-file-flash.rules) * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (snort3-file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (snort3-file-flash.rules) * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (snort3-file-flash.rules) * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (snort3-file-flash.rules) * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (snort3-exploit-kit.rules) * 1:32558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (snort3-file-flash.rules) * 1:32559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (snort3-file-flash.rules) * 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (snort3-file-flash.rules) * 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (snort3-file-flash.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (snort3-policy-other.rules) * 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (snort3-file-flash.rules) * 1:32568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (snort3-file-flash.rules) * 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (snort3-file-flash.rules) * 1:32570 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (snort3-file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (snort3-file-flash.rules) * 1:32572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (snort3-file-flash.rules) * 1:32573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (snort3-file-flash.rules) * 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (snort3-file-flash.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (snort3-file-flash.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (snort3-file-flash.rules) * 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (snort3-pua-other.rules) * 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (snort3-file-office.rules) * 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (snort3-file-office.rules) * 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (snort3-file-office.rules) * 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (snort3-file-flash.rules) * 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (snort3-file-flash.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (snort3-server-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (snort3-policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (snort3-policy-other.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (snort3-file-identify.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (snort3-file-identify.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (snort3-file-identify.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (snort3-file-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (snort3-file-other.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (snort3-file-other.rules) * 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (snort3-protocol-tftp.rules) * 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (snort3-exploit-kit.rules) * 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (snort3-exploit-kit.rules) * 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (snort3-exploit-kit.rules) * 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (snort3-server-mysql.rules) * 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (snort3-server-mysql.rules) * 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (snort3-server-mysql.rules) * 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (snort3-server-mysql.rules) * 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (snort3-server-mysql.rules) * 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (snort3-file-flash.rules) * 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (snort3-file-flash.rules) * 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (snort3-file-other.rules) * 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (snort3-server-other.rules) * 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (snort3-server-other.rules) * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (snort3-file-office.rules) * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (snort3-file-office.rules) * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (snort3-file-office.rules) * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (snort3-file-office.rules) * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (snort3-server-mail.rules) * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (snort3-file-office.rules) * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (snort3-file-office.rules) * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (snort3-file-office.rules) * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (snort3-file-office.rules) * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (snort3-browser-other.rules) * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (snort3-file-office.rules) * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (snort3-file-office.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (snort3-policy-other.rules) * 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (snort3-server-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules) * 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (snort3-server-other.rules) * 1:32749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (snort3-file-flash.rules) * 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (snort3-file-flash.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (snort3-file-flash.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (snort3-file-flash.rules) * 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (snort3-server-other.rules) * 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (snort3-file-flash.rules) * 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (snort3-file-flash.rules) * 1:32766 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (snort3-file-flash.rules) * 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (snort3-file-flash.rules) * 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (snort3-sql.rules) * 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (snort3-malware-other.rules) * 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (snort3-malware-other.rules) * 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (snort3-file-pdf.rules) * 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (snort3-file-pdf.rules) * 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (snort3-file-pdf.rules) * 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (snort3-file-pdf.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (snort3-file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (snort3-file-pdf.rules) * 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (snort3-file-pdf.rules) * 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (snort3-file-pdf.rules) * 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (snort3-file-pdf.rules) * 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (snort3-file-pdf.rules) * 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (snort3-file-pdf.rules) * 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (snort3-file-pdf.rules) * 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (snort3-file-flash.rules) * 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (snort3-file-flash.rules) * 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (snort3-file-flash.rules) * 1:32813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (snort3-file-pdf.rules) * 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (snort3-file-pdf.rules) * 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules) * 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules) * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (snort3-file-flash.rules) * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (snort3-file-flash.rules) * 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (snort3-file-pdf.rules) * 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (snort3-file-pdf.rules) * 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (snort3-file-pdf.rules) * 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (snort3-file-pdf.rules) * 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (snort3-file-pdf.rules) * 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (snort3-file-pdf.rules) * 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (snort3-file-pdf.rules) * 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (snort3-file-pdf.rules) * 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (snort3-file-pdf.rules) * 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (snort3-file-pdf.rules) * 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (snort3-app-detect.rules) * 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (snort3-app-detect.rules) * 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (snort3-app-detect.rules) * 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (snort3-app-detect.rules) * 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (snort3-app-detect.rules) * 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (snort3-app-detect.rules) * 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (snort3-app-detect.rules) * 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (snort3-app-detect.rules) * 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (snort3-app-detect.rules) * 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (snort3-app-detect.rules) * 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (snort3-file-pdf.rules) * 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (snort3-file-pdf.rules) * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (snort3-file-office.rules) * 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (snort3-file-flash.rules) * 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (snort3-file-flash.rules) * 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (snort3-malware-tools.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (snort3-exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (snort3-exploit-kit.rules) * 1:32879 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (snort3-exploit-kit.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (snort3-exploit-kit.rules) * 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (snort3-file-other.rules) * 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (snort3-file-other.rules) * 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (snort3-file-image.rules) * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (snort3-server-other.rules) * 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (snort3-file-multimedia.rules) * 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (snort3-file-multimedia.rules) * 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (snort3-file-flash.rules) * 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (snort3-file-other.rules) * 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (snort3-file-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (snort3-policy-other.rules) * 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (snort3-malware-backdoor.rules) * 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (snort3-malware-backdoor.rules) * 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (snort3-malware-backdoor.rules) * 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (snort3-malware-backdoor.rules) * 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (snort3-malware-backdoor.rules) * 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (snort3-malware-backdoor.rules) * 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (snort3-malware-backdoor.rules) * 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (snort3-malware-backdoor.rules) * 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (snort3-malware-other.rules) * 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (snort3-malware-other.rules) * 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (snort3-malware-other.rules) * 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (snort3-malware-other.rules) * 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (snort3-malware-other.rules) * 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (snort3-malware-other.rules) * 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (snort3-malware-tools.rules) * 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (snort3-malware-tools.rules) * 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (snort3-malware-tools.rules) * 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (snort3-file-office.rules) * 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (snort3-file-office.rules) * 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (snort3-file-office.rules) * 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (snort3-file-other.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (snort3-file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (snort3-file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (snort3-file-identify.rules) * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (snort3-indicator-compromise.rules) * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (snort3-malware-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (snort3-policy-other.rules) * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (snort3-server-other.rules) * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (snort3-server-other.rules) * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (snort3-server-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (snort3-protocol-dns.rules) * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (snort3-file-office.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (snort3-file-office.rules) * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (snort3-os-windows.rules) * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (snort3-os-windows.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (snort3-policy-other.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (snort3-os-mobile.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (snort3-os-mobile.rules) * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (snort3-exploit-kit.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (snort3-file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (snort3-file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (snort3-file-identify.rules) * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (snort3-os-windows.rules) * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (snort3-os-windows.rules) * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (snort3-file-other.rules) * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (snort3-file-other.rules) * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (snort3-os-windows.rules) * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (snort3-os-windows.rules) * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (snort3-file-flash.rules) * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (snort3-file-flash.rules) * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (snort3-file-flash.rules) * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (snort3-file-flash.rules) * 1:33176 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (snort3-file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (snort3-file-flash.rules) * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (snort3-exploit-kit.rules) * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (snort3-exploit-kit.rules) * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (snort3-exploit-kit.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (snort3-server-other.rules) * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (snort3-file-multimedia.rules) * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (snort3-file-multimedia.rules) * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (snort3-malware-other.rules) * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (snort3-pua-adware.rules) * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (snort3-file-pdf.rules) * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (snort3-file-pdf.rules) * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (snort3-indicator-compromise.rules) * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (snort3-indicator-compromise.rules) * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (snort3-indicator-compromise.rules) * 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (snort3-pua-adware.rules) * 1:33286 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (snort3-exploit-kit.rules) * 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (snort3-file-flash.rules) * 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (snort3-file-flash.rules) * 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (snort3-file-flash.rules) * 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (snort3-file-flash.rules) * 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (snort3-pua-adware.rules) * 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (snort3-malware-other.rules) * 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (snort3-file-other.rules) * 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (snort3-file-other.rules) * 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (snort3-file-other.rules) * 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (snort3-file-other.rules) * 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (snort3-pua-adware.rules) * 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (snort3-os-windows.rules) * 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (snort3-os-windows.rules) * 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (snort3-os-windows.rules) * 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (snort3-os-windows.rules) * 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (snort3-os-windows.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (snort3-policy-other.rules) * 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (snort3-app-detect.rules) * 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (snort3-file-other.rules) * 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (snort3-file-other.rules) * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (snort3-file-office.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (snort3-file-office.rules) * 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (snort3-protocol-voip.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (snort3-pua-toolbars.rules) * 1:33454 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (snort3-file-other.rules) * 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (snort3-file-other.rules) * 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (snort3-file-flash.rules) * 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (snort3-file-flash.rules) * 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (snort3-file-flash.rules) * 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (snort3-file-flash.rules) * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (snort3-pua-adware.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (snort3-pua-adware.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (snort3-file-other.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (snort3-file-other.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (snort3-file-flash.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (snort3-file-flash.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (snort3-file-flash.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (snort3-file-flash.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (snort3-pua-adware.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (snort3-pua-adware.rules) * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (snort3-file-flash.rules) * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (snort3-file-flash.rules) * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (snort3-file-flash.rules) * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (snort3-file-flash.rules) * 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (snort3-pua-adware.rules) * 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (snort3-server-other.rules) * 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (snort3-file-office.rules) * 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (snort3-file-office.rules) * 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (snort3-server-mail.rules) * 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (snort3-server-other.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (snort3-file-other.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (snort3-file-other.rules) * 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (snort3-pua-adware.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (snort3-protocol-dns.rules) * 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (snort3-file-other.rules) * 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (snort3-file-other.rules) * 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (snort3-file-other.rules) * 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (snort3-server-other.rules) * 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (snort3-server-other.rules) * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (snort3-file-other.rules) * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (snort3-file-other.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (snort3-file-image.rules) * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (snort3-malware-backdoor.rules) * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (snort3-malware-backdoor.rules) * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (snort3-browser-webkit.rules) * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (snort3-file-flash.rules) * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (snort3-file-flash.rules) * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (snort3-server-other.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (snort3-server-mysql.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (snort3-file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (snort3-file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (snort3-file-identify.rules) * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (snort3-file-other.rules) * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (snort3-file-other.rules) * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (snort3-pua-adware.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold connection exhaustion denial of service attempt (snort3-server-other.rules) * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (snort3-browser-chrome.rules) * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (snort3-browser-chrome.rules) * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (snort3-exploit-kit.rules) * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (snort3-browser-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (snort3-file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (snort3-file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (snort3-file-identify.rules) * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (snort3-file-other.rules) * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (snort3-server-other.rules) * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (snort3-server-other.rules) * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (snort3-server-other.rules) * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (snort3-server-other.rules) * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (snort3-server-other.rules) * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (snort3-os-windows.rules) * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (snort3-os-windows.rules) * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (snort3-os-windows.rules) * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (snort3-os-windows.rules) * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (snort3-os-windows.rules) * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (snort3-file-other.rules) * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (snort3-file-other.rules) * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (snort3-file-office.rules) * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (snort3-file-office.rules) * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (snort3-malware-other.rules) * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (snort3-malware-other.rules) * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (snort3-file-image.rules) * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (snort3-file-image.rules) * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (snort3-os-windows.rules) * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (snort3-os-windows.rules) * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (snort3-os-windows.rules) * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (snort3-os-windows.rules) * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (snort3-os-windows.rules) * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (snort3-os-windows.rules) * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (snort3-file-other.rules) * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (snort3-file-other.rules) * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (snort3-os-windows.rules) * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (snort3-os-windows.rules) * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (snort3-server-other.rules) * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (snort3-server-other.rules) * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (snort3-server-other.rules) * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (snort3-server-mail.rules) * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (snort3-server-other.rules) * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (snort3-server-other.rules) * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (snort3-server-other.rules) * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (snort3-server-mail.rules) * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules) * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (snort3-pua-adware.rules) * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (snort3-pua-adware.rules) * 1:33823 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (snort3-malware-backdoor.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (snort3-os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (snort3-server-samba.rules) * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (snort3-server-other.rules) * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (snort3-pua-adware.rules) * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (snort3-pua-adware.rules) * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (snort3-pua-adware.rules) * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (snort3-server-other.rules) * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (snort3-malware-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (snort3-policy-other.rules) * 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (snort3-file-pdf.rules) * 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (snort3-file-pdf.rules) * 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (snort3-browser-webkit.rules) * 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (snort3-browser-webkit.rules) * 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (snort3-malware-other.rules) * 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (snort3-malware-other.rules) * 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (snort3-malware-other.rules) * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (snort3-malware-other.rules) * 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (snort3-malware-other.rules) * 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (snort3-file-other.rules) * 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (snort3-server-other.rules) * 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (snort3-server-other.rules) * 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (snort3-browser-chrome.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (snort3-policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (snort3-policy-other.rules) * 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (snort3-file-flash.rules) * 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (snort3-file-flash.rules) * 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (snort3-file-flash.rules) * 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (snort3-file-flash.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules) * 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (snort3-server-other.rules) * 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (snort3-server-other.rules) * 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (snort3-server-other.rules) * 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (snort3-os-windows.rules) * 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (snort3-file-executable.rules) * 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (snort3-file-executable.rules) * 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (snort3-file-executable.rules) * 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (snort3-file-executable.rules) * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (snort3-file-other.rules) * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (snort3-file-other.rules) * 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (snort3-server-iis.rules) * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (snort3-os-windows.rules) * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (snort3-os-windows.rules) * 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (snort3-os-windows.rules) * 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (snort3-os-windows.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (snort3-file-other.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (snort3-file-other.rules) * 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (snort3-server-other.rules) * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (snort3-server-other.rules) * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (snort3-server-other.rules) * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (snort3-indicator-obfuscation.rules) * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (snort3-pua-adware.rules) * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (snort3-pua-adware.rules) * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (snort3-pua-adware.rules) * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (snort3-pua-adware.rules) * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (snort3-pua-adware.rules) * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (snort3-pua-adware.rules) * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (snort3-pua-adware.rules) * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (snort3-file-office.rules) * 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (snort3-pua-adware.rules) * 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (snort3-server-other.rules) * 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (snort3-server-other.rules) * 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (snort3-pua-adware.rules) * 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (snort3-pua-adware.rules) * 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (snort3-pua-adware.rules) * 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (snort3-file-flash.rules) * 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (snort3-file-flash.rules) * 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (snort3-file-flash.rules) * 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (snort3-file-flash.rules) * 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (snort3-server-other.rules) * 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (snort3-browser-other.rules) * 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (snort3-browser-other.rules) * 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (snort3-file-flash.rules) * 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (snort3-file-flash.rules) * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (snort3-indicator-shellcode.rules) * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (snort3-indicator-obfuscation.rules) * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (snort3-indicator-obfuscation.rules) * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (snort3-file-flash.rules) * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (snort3-file-flash.rules) * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (snort3-file-flash.rules) * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (snort3-file-flash.rules) * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (snort3-pua-adware.rules) * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (snort3-pua-adware.rules) * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (snort3-server-other.rules) * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (snort3-server-other.rules) * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (snort3-file-flash.rules) * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (snort3-file-flash.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (snort3-server-other.rules) * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (snort3-sql.rules) * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (snort3-server-other.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (snort3-malware-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (snort3-policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (snort3-policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (snort3-policy-other.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (snort3-file-multimedia.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (snort3-file-multimedia.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (snort3-policy-other.rules) * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (snort3-exploit-kit.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules) * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (snort3-os-windows.rules) * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (snort3-os-windows.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (snort3-file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (snort3-file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (snort3-file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (snort3-file-identify.rules) * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (snort3-os-windows.rules) * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (snort3-os-windows.rules) * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules) * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (snort3-os-windows.rules) * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (snort3-os-windows.rules) * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (snort3-os-windows.rules) * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (snort3-os-windows.rules) * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (snort3-os-windows.rules) * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (snort3-os-windows.rules) * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (snort3-app-detect.rules) * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (snort3-server-other.rules) * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (snort3-indicator-compromise.rules) * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (snort3-file-executable.rules) * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (snort3-file-executable.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules) * 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules) * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules) * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules) * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (snort3-app-detect.rules) * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (snort3-app-detect.rules) * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (snort3-os-windows.rules) * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (snort3-os-windows.rules) * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (snort3-malware-backdoor.rules) * 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (snort3-file-pdf.rules) * 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (snort3-file-pdf.rules) * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (snort3-file-other.rules) * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (snort3-file-other.rules) * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (snort3-file-pdf.rules) * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (snort3-file-pdf.rules) * 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (snort3-file-pdf.rules) * 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (snort3-file-pdf.rules) * 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (snort3-file-flash.rules) * 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (snort3-file-flash.rules) * 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (snort3-file-other.rules) * 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules) * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules) * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules) * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules) * 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (snort3-file-flash.rules) * 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (snort3-server-other.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (snort3-file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (snort3-file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (snort3-file-identify.rules) * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (snort3-server-other.rules) * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (snort3-server-other.rules) * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (snort3-server-other.rules) * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (snort3-os-windows.rules) * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (snort3-os-windows.rules) * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (snort3-os-windows.rules) * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (snort3-os-windows.rules) * 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (snort3-server-iis.rules) * 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (snort3-os-windows.rules) * 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (snort3-os-windows.rules) * 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (snort3-os-windows.rules) * 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (snort3-os-windows.rules) * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (snort3-os-windows.rules) * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (snort3-os-windows.rules) * 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (snort3-file-other.rules) * 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (snort3-file-other.rules) * 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (snort3-os-windows.rules) * 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (snort3-os-windows.rules) * 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (snort3-os-windows.rules) * 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (snort3-os-windows.rules) * 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (snort3-file-other.rules) * 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (snort3-file-other.rules) * 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (snort3-os-windows.rules) * 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (snort3-os-windows.rules) * 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (snort3-os-windows.rules) * 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (snort3-os-windows.rules) * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (snort3-server-oracle.rules) * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (snort3-server-oracle.rules) * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (snort3-os-linux.rules) * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (snort3-file-flash.rules) * 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (snort3-file-flash.rules) * 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (snort3-file-flash.rules) * 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (snort3-file-flash.rules) * 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (snort3-file-flash.rules) * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (snort3-file-flash.rules) * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (snort3-file-flash.rules) * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (snort3-file-flash.rules) * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (snort3-file-flash.rules) * 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (snort3-file-flash.rules) * 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (snort3-file-flash.rules) * 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (snort3-file-flash.rules) * 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (snort3-file-flash.rules) * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (snort3-indicator-compromise.rules) * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (snort3-server-other.rules) * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (snort3-pua-adware.rules) * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (snort3-malware-other.rules) * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (snort3-os-windows.rules) * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (snort3-malware-tools.rules) * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (snort3-browser-firefox.rules) * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (snort3-browser-firefox.rules) * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (snort3-server-other.rules) * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (snort3-server-other.rules) * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (snort3-server-other.rules) * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (snort3-server-other.rules) * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (snort3-server-other.rules) * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (snort3-server-other.rules) * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (snort3-pua-adware.rules) * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (snort3-exploit-kit.rules) * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (snort3-server-other.rules) * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (snort3-file-office.rules) * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (snort3-file-office.rules) * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (snort3-file-other.rules) * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (snort3-file-other.rules) * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (snort3-file-other.rules) * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (snort3-file-other.rules) * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (snort3-malware-other.rules) * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (snort3-malware-other.rules) * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (snort3-file-office.rules) * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (snort3-file-office.rules) * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (snort3-file-office.rules) * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (snort3-file-office.rules) * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (snort3-file-multimedia.rules) * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (snort3-file-multimedia.rules) * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt (snort3-server-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (snort3-policy-other.rules) * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (snort3-browser-webkit.rules) * 1:35045 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (snort3-browser-webkit.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (snort3-browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (snort3-browser-firefox.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (snort3-browser-firefox.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (snort3-browser-firefox.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (snort3-browser-firefox.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (snort3-browser-firefox.rules) * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (snort3-exploit-kit.rules) * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (snort3-exploit-kit.rules) * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (snort3-server-other.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (snort3-server-other.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (snort3-file-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (snort3-policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (snort3-policy-other.rules) * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (snort3-os-windows.rules) * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (snort3-os-windows.rules) * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (snort3-os-windows.rules) * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (snort3-os-windows.rules) * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (snort3-exploit-kit.rules) * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (snort3-exploit-kit.rules) * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (snort3-server-other.rules) * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (snort3-os-windows.rules) * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (snort3-os-windows.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (snort3-os-windows.rules) * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (snort3-file-office.rules) * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (snort3-file-office.rules) * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (snort3-os-windows.rules) * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (snort3-os-windows.rules) * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (snort3-os-windows.rules) * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (snort3-os-windows.rules) * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (snort3-file-office.rules) * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (snort3-file-office.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (snort3-policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (snort3-policy-other.rules) * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (snort3-os-windows.rules) * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (snort3-os-windows.rules) * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (snort3-file-flash.rules) * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (snort3-file-flash.rules) * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (snort3-file-flash.rules) * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (snort3-file-flash.rules) * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (snort3-file-office.rules) * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (snort3-file-office.rules) * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (snort3-file-office.rules) * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (snort3-file-office.rules) * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (snort3-os-windows.rules) * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (snort3-os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules) * 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)
* 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request (protocol-scada.rules) * 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules) * 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (protocol-scada.rules) * 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:37338 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (pua-adware.rules) * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (server-other.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (protocol-scada.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (protocol-scada.rules) * 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (pua-other.rules) * 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules) * 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (indicator-compromise.rules) * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules) * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules) * 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (file-identify.rules) * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules) * 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (server-other.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules) * 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules) * 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (server-other.rules) * 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (indicator-compromise.rules) * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (malware-other.rules) * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules) * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (indicator-compromise.rules) * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (pua-adware.rules) * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules) * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules) * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules) * 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (server-mssql.rules) * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (pua-adware.rules) * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (protocol-scada.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (browser-firefox.rules) * 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (server-other.rules) * 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules) * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules) * 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (malware-other.rules) * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules) * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules) * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (app-detect.rules) * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules) * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (malware-other.rules) * 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (browser-chrome.rules) * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (server-other.rules) * 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (protocol-scada.rules) * 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules) * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (sql.rules) * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules) * 1:49009 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (protocol-scada.rules) * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules) * 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (server-other.rules) * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (file-other.rules) * 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules) * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules) * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (server-other.rules) * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules) * 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules) * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (indicator-obfuscation.rules) * 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (file-office.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (server-other.rules) * 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules) * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (server-other.rules) * 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules) * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules) * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (browser-firefox.rules) * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules) * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules) * 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (server-other.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (file-other.rules) * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (server-mail.rules) * 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (file-other.rules) * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules) * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (app-detect.rules) * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection (malware-backdoor.rules) * 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (pua-other.rules) * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request (protocol-scada.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (server-other.rules) * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules) * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (server-other.rules) * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules) * 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (indicator-compromise.rules) * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules) * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (file-office.rules) * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (pua-adware.rules) * 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules) * 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (server-other.rules) * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request (protocol-scada.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:44124 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (file-office.rules) * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (server-other.rules) * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules) * 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (indicator-compromise.rules) * 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (server-other.rules) * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules) * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (protocol-scada.rules) * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (protocol-scada.rules) * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules) * 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (protocol-scada.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules) * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules) * 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (server-other.rules) * 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (indicator-compromise.rules) * 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (protocol-scada.rules) * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (app-detect.rules) * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (indicator-scan.rules) * 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules) * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (file-other.rules) * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules) * 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request (protocol-scada.rules) * 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (server-mail.rules) * 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (exploit-kit.rules) * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (protocol-scada.rules) * 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules) * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt (server-other.rules) * 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (app-detect.rules) * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules) * 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules) * 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (server-other.rules) * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (protocol-scada.rules) * 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules) * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules) * 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (indicator-compromise.rules) * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (server-other.rules) * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply (protocol-scada.rules) * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (malware-backdoor.rules) * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (malware-tools.rules) * 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (sql.rules) * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (exploit-kit.rules) * 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (server-other.rules) * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (file-image.rules) * 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (protocol-scada.rules) * 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules) * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (protocol-tftp.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (indicator-shellcode.rules) * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (pua-adware.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (protocol-scada.rules) * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (pua-adware.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (server-other.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (exploit-kit.rules) * 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules) * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (protocol-scada.rules) * 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (server-other.rules) * 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (file-other.rules) * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules) * 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:37336 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (server-other.rules) * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request (protocol-scada.rules) * 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (pua-adware.rules) * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (server-other.rules) * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (server-samba.rules) * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules) * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:43221 <-> ENABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (indicator-compromise.rules) * 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (server-other.rules) * 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request (protocol-scada.rules) * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (indicator-compromise.rules) * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (server-other.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (os-windows.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (server-other.rules) * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (protocol-scada.rules) * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (malware-other.rules) * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules) * 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (server-other.rules) * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (server-other.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules) * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (protocol-scada.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request (protocol-scada.rules) * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules) * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules) * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules) * 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules) * 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (exploit-kit.rules) * 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (server-other.rules) * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (protocol-scada.rules) * 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules) * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (protocol-scada.rules) * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (malware-other.rules) * 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (pua-adware.rules) * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules) * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (protocol-ftp.rules) * 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request (protocol-scada.rules) * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (protocol-ftp.rules) * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules) * 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (server-other.rules) * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (server-other.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules) * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (protocol-scada.rules) * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules) * 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request (protocol-scada.rules) * 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (server-other.rules) * 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules) * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules) * 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules) * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request (protocol-scada.rules) * 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (server-other.rules) * 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (netbios.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password retrieval attempt (protocol-scada.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (netbios.rules) * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (protocol-scada.rules) * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (server-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (pua-adware.rules) * 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (malware-tools.rules) * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:37619 <-> DISABLED <-> SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (server-other.rules) * 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules) * 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules) * 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules) * 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (server-other.rules) * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules) * 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules) * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:37333 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules) * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (file-other.rules) * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules) * 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (protocol-scada.rules) * 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (browser-other.rules) * 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:40171 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (protocol-scada.rules) * 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (malware-other.rules) * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules) * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules) * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (pua-adware.rules) * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (server-other.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (server-other.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (malware-other.rules) * 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (protocol-other.rules) * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (protocol-ftp.rules) * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules) * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules) * 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules) * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (server-apache.rules) * 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (server-other.rules) * 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (malware-backdoor.rules) * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules) * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules) * 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (os-windows.rules) * 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules) * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules) * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules) * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (indicator-compromise.rules) * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules) * 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules) * 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:37654 <-> DISABLED <-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (os-linux.rules) * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:36315 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (exploit-kit.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (pua-adware.rules) * 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules) * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules) * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (pua-other.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:37337 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (netbios.rules) * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (server-other.rules) * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (pua-other.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request (protocol-scada.rules) * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (server-other.rules) * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules) * 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (file-other.rules) * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules) * 1:37335 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (server-other.rules) * 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules) * 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules) * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (server-samba.rules) * 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules) * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules) * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (protocol-scada.rules) * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules) * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (protocol-scada.rules) * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules) * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (server-mail.rules) * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:38327 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (server-samba.rules) * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules) * 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (malware-other.rules) * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (exploit-kit.rules) * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules) * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request (protocol-scada.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request (protocol-scada.rules) * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (protocol-scada.rules) * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (server-other.rules) * 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request (protocol-scada.rules) * 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:44839 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules) * 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules) * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (protocol-tftp.rules) * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules) * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (server-other.rules) * 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules) * 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules) * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:45545 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Mughthesec outbound connection attempt (pua-adware.rules) * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (protocol-nntp.rules) * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (malware-other.rules) * 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (file-flash.rules) * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules) * 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules) * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules) * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (protocol-scada.rules) * 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (server-other.rules) * 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential disclosure attempt (server-apache.rules) * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules) * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request (protocol-scada.rules) * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (file-office.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules) * 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (server-other.rules) * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules) * 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (server-other.rules) * 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules) * 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (file-other.rules) * 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules) * 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (server-apache.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (server-mail.rules) * 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules) * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (sql.rules) * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules) * 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (indicator-obfuscation.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (os-windows.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules) * 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules) * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (file-other.rules) * 1:37340 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules) * 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (server-other.rules) * 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (protocol-tftp.rules) * 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (protocol-scada.rules) * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules) * 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (protocol-scada.rules) * 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules) * 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (exploit-kit.rules) * 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules) * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (protocol-scada.rules) * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (server-other.rules) * 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (protocol-scada.rules) * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (file-other.rules) * 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (server-other.rules) * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules) * 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (file-flash.rules) * 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules) * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request (protocol-scada.rules) * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules) * 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (indicator-compromise.rules) * 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (file-other.rules) * 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:37339 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules) * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules) * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (malware-backdoor.rules) * 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules) * 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (netbios.rules) * 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (indicator-compromise.rules) * 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request (protocol-scada.rules) * 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules) * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:37342 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (server-other.rules) * 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (protocol-scada.rules) * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules) * 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (file-office.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules) * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules) * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (app-detect.rules) * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (server-other.rules) * 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (browser-other.rules) * 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (server-other.rules) * 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (protocol-scada.rules) * 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules) * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (pua-other.rules) * 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (protocol-scada.rules) * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (indicator-obfuscation.rules) * 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (server-other.rules) * 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (indicator-compromise.rules) * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules) * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules) * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (file-other.rules) * 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (server-other.rules) * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (server-other.rules) * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:37334 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (protocol-scada.rules) * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules) * 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules) * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules) * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules) * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules) * 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (protocol-scada.rules) * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request (protocol-scada.rules) * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules) * 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:44109 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (malware-backdoor.rules) * 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (file-image.rules) * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules) * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (protocol-scada.rules) * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (server-other.rules) * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules) * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (protocol-scada.rules) * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules) * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (server-other.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (malware-tools.rules) * 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules) * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (protocol-scada.rules) * 1:37330 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (protocol-scada.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules) * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (protocol-scada.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (server-other.rules) * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules) * 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules) * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (exploit-kit.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (server-samba.rules) * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules) * 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (file-identify.rules) * 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules) * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules) * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (malware-other.rules) * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (protocol-tftp.rules) * 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (sql.rules) * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (pua-toolbars.rules) * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules) * 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (server-other.rules) * 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (malware-tools.rules) * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (indicator-compromise.rules) * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (server-other.rules) * 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (netbios.rules) * 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (server-other.rules) * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules) * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules) * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request (protocol-scada.rules) * 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (browser-firefox.rules) * 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (indicator-obfuscation.rules) * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules) * 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (os-windows.rules) * 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (server-other.rules) * 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (protocol-scada.rules) * 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (protocol-scada.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (server-other.rules) * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (pua-other.rules) * 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (server-other.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:37328 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (server-other.rules) * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (server-other.rules) * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (pua-adware.rules) * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules) * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (os-windows.rules) * 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (indicator-compromise.rules) * 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (protocol-scada.rules) * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules) * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (server-other.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules) * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (app-detect.rules) * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (malware-other.rules) * 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection (malware-backdoor.rules) * 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request (protocol-scada.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (indicator-compromise.rules) * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (browser-other.rules) * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (protocol-dns.rules) * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII request (protocol-scada.rules) * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:36500 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules) * 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules) * 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (protocol-scada.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (malware-other.rules) * 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (pua-adware.rules) * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (os-windows.rules) * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (indicator-compromise.rules) * 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules) * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (server-other.rules) * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request (protocol-scada.rules) * 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (browser-firefox.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules) * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (server-other.rules) * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules) * 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (protocol-scada.rules) * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (browser-chrome.rules) * 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (app-detect.rules) * 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules) * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (server-other.rules) * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (pua-adware.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (malware-other.rules) * 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (protocol-rpc.rules) * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (pua-adware.rules) * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules) * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (indicator-compromise.rules) * 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (malware-other.rules) * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules) * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules) * 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (server-other.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (os-windows.rules) * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request (protocol-scada.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules) * 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules) * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request (protocol-scada.rules) * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:37341 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (protocol-scada.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (netbios.rules) * 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (server-other.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response (server-apache.rules) * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (indicator-compromise.rules) * 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules) * 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules) * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules) * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (protocol-scada.rules) * 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:39799 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (protocol-scada.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules) * 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules) * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules) * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules) * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules) * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules) * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules) * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules) * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules) * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules) * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules) * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules) * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules) * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules) * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules) * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules) * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules) * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules) * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules) * 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (server-apache.rules) * 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (server-apache.rules) * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules) * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules) * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (os-windows.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules) * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules) * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules) * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules) * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules) * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules) * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules) * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules) * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules) * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules) * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules) * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules) * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules) * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules) * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules) * 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules) * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules) * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules) * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules) * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules) * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules) * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules) * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules) * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules) * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules) * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules) * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules) * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules) * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules) * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules) * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules) * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules) * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules) * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules) * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules) * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules) * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules) * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules) * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules) * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules) * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules) * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules) * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules) * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules) * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules) * 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules) * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules) * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules) * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules) * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules) * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules) * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules) * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules) * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules) * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules) * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules) * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules) * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules) * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules) * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules) * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules) * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules) * 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (malware-other.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (malware-other.rules) * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules) * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules) * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules) * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules) * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules) * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules) * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules) * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules) * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules) * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules) * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules) * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules) * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules) * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules) * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules) * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules) * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules) * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules) * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules) * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules) * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules) * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules) * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules) * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules) * 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules) * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules) * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules) * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules) * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules) * 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules) * 1:12626 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules) * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules) * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules) * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules) * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules) * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules) * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules) * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules) * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules) * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules) * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules) * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules) * 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules) * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules) * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules) * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules) * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules) * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules) * 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules) * 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules) * 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules) * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules) * 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules) * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules) * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules) * 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules) * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules) * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules) * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules) * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules) * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules) * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules) * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules) * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules) * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules) * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules) * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules) * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules) * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules) * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules) * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules) * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules) * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules) * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules) * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (pua-adware.rules) * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules) * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules) * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules) * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules) * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules) * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules) * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules) * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules) * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules) * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules) * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules) * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules) * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules) * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules) * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules) * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules) * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules) * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules) * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (pua-adware.rules) * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules) * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules) * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules) * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules) * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules) * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules) * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules) * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules) * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules) * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules) * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules) * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules) * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules) * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules) * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules) * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules) * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules) * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules) * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (pua-adware.rules) * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (pua-adware.rules) * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (pua-adware.rules) * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (pua-adware.rules) * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules) * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules) * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (malware-other.rules) * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (malware-other.rules) * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (os-windows.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules) * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules) * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules) * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules) * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (pua-adware.rules) * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules) * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (malware-other.rules) * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules) * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules) * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (pua-adware.rules) * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (pua-adware.rules) * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (pua-adware.rules) * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (pua-adware.rules) * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (pua-adware.rules) * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (malware-other.rules) * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (pua-adware.rules) * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (pua-adware.rules) * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules) * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules) * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (policy-other.rules) * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (policy-other.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules) * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules) * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules) * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules) * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules) * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules) * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules) * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules) * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules) * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules) * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules) * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules) * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules) * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules) * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules) * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules) * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules) * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules) * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules) * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules) * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules) * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules) * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules) * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules) * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules) * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules) * 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules) * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules) * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules) * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules) * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules) * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules) * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules) * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules) * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules) * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules) * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules) * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules) * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules) * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules) * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules) * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules) * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules) * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules) * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules) * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules) * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules) * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules) * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules) * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules) * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules) * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules) * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules) * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules) * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules) * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules) * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules) * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules) * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules) * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules) * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules) * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules) * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules) * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules) * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules) * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules) * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules) * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules) * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules) * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules) * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules) * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules) * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules) * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules) * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules) * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules) * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules) * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (protocol-scada.rules) * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules) * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules) * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules) * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules) * 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules) * 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules) * 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules) * 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules) * 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules) * 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules) * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules) * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules) * 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules) * 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules) * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules) * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules) * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules) * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15363 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules) * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (os-windows.rules) * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules) * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules) * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules) * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules) * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules) * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules) * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules) * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules) * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules) * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules) * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules) * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules) * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules) * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules) * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules) * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules) * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules) * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules) * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules) * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules) * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules) * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules) * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules) * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (file-pdf.rules) * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules) * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules) * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (server-other.rules) * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules) * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules) * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules) * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules) * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules) * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules) * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules) * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules) * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules) * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules) * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules) * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules) * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules) * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules) * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules) * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules) * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules) * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules) * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules) * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules) * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules) * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules) * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules) * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules) * 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules) * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules) * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules) * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules) * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules) * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules) * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules) * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules) * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules) * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules) * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules) * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules) * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules) * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules) * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules) * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules) * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules) * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules) * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules) * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules) * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules) * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules) * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules) * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules) * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules) * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules) * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules) * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules) * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules) * 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules) * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules) * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules) * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules) * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules) * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules) * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules) * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules) * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules) * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules) * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules) * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules) * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules) * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules) * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules) * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules) * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules) * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules) * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules) * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules) * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules) * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules) * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules) * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules) * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules) * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules) * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules) * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules) * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules) * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules) * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules) * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules) * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules) * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules) * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules) * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules) * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules) * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules) * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules) * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules) * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules) * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules) * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules) * 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (server-iis.rules) * 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules) * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules) * 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules) * 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules) * 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules) * 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules) * 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules) * 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules) * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules) * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules) * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules) * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules) * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (server-mysql.rules) * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules) * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules) * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules) * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules) * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules) * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (server-mysql.rules) * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules) * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules) * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules) * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules) * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules) * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules) * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules) * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules) * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules) * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules) * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules) * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules) * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules) * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules) * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules) * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules) * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules) * 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules) * 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules) * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules) * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules) * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules) * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules) * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules) * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules) * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules) * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules) * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules) * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules) * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules) * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules) * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules) * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules) * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules) * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules) * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules) * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules) * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules) * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (policy-spam.rules) * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules) * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules) * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules) * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules) * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules) * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules) * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules) * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules) * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules) * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules) * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules) * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules) * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules) * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules) * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules) * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules) * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules) * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (policy-spam.rules) * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules) * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules) * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules) * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules) * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules) * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules) * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules) * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules) * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules) * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules) * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules) * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules) * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules) * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules) * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules) * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules) * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules) * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules) * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules) * 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (policy-spam.rules) * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules) * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules) * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules) * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules) * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules) * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules) * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules) * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules) * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules) * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules) * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules) * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules) * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules) * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules) * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules) * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules) * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules) * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules) * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules) * 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules) * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules) * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules) * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules) * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules) * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules) * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules) * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules) * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules) * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules) * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules) * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules) * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules) * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules) * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules) * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules) * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules) * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules) * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known spam email attempt (policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (app-detect.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (os-windows.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules) * 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules) * 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules) * 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules) * 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules) * 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules) * 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules) * 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules) * 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules) * 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules) * 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules) * 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules) * 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules) * 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules) * 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules) * 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules) * 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules) * 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules) * 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules) * 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules) * 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules) * 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules) * 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules) * 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules) * 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules) * 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules) * 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules) * 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules) * 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules) * 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules) * 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules) * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules) * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules) * 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules) * 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules) * 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules) * 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules) * 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules) * 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules) * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules) * 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules) * 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules) * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules) * 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules) * 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules) * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules) * 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules) * 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules) * 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules) * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules) * 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules) * 1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules) * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules) * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules) * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules) * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules) * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules) * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules) * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules) * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules) * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules) * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules) * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules) * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules) * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules) * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules) * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules) * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules) * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules) * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules) * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules) * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules) * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules) * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules) * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules) * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules) * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules) * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules) * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules) * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules) * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules) * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules) * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules) * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules) * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules) * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules) * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules) * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules) * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules) * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules) * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules) * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules) * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules) * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules) * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules) * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules) * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules) * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules) * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules) * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (file-identify.rules) * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules) * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules) * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules) * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules) * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules) * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules) * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules) * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules) * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules) * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules) * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules) * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules) * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules) * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules) * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules) * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules) * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules) * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules) * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ActionIf integer overflow attempt (file-flash.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19015 <-> DISABLED <-> POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules) * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules) * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules) * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules) * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules) * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules) * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules) * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules) * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules) * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules) * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules) * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules) * 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules) * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules) * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules) * 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules) * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules) * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules) * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules) * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules) * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules) * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules) * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules) * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules) * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules) * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (server-other.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption attempt (file-other.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules) * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules) * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (netbios.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules) * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules) * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules) * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules) * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules) * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules) * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules) * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules) * 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (file-flash.rules) * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (server-mysql.rules) * 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (server-other.rules) * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules) * 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules) * 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (file-image.rules) * 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules) * 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (server-other.rules) * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules) * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules) * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules) * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules) * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules) * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules) * 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (pua-adware.rules) * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules) * 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (pua-adware.rules) * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules) * 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (os-windows.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules) * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules) * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules) * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (file-pdf.rules) * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules) * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules) * 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules) * 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules) * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (file-pdf.rules) * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules) * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules) * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules) * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (file-pdf.rules) * 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (server-oracle.rules) * 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (file-pdf.rules) * 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules) * 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (file-flash.rules) * 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (file-flash.rules) * 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt (file-flash.rules) * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules) * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules) * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules) * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules) * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules) * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules) * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules) * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules) * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules) * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules) * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules) * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (indicator-shellcode.rules) * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules) * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules) * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (file-flash.rules) * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (file-flash.rules) * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules) * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules) * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules) * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules) * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules) * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (server-other.rules) * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (os-windows.rules) * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (os-windows.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (file-executable.rules) * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (os-windows.rules) * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (os-windows.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules) * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules) * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (browser-other.rules) * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules) * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (os-windows.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (file-flash.rules) * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (file-flash.rules) * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (file-flash.rules) * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (file-flash.rules) * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (file-flash.rules) * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (file-flash.rules) * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules) * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (file-flash.rules) * 1:20557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (file-flash.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (file-flash.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (file-flash.rules) * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (file-flash.rules) * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules) * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules) * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules) * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (server-oracle.rules) * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules) * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules) * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (os-windows.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules) * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (file-flash.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules) * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules) * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules) * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (pua-other.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules) * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules) * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules) * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules) * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (server-iis.rules) * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules) * 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (file-office.rules) * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (browser-firefox.rules) * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules) * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules) * 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (browser-webkit.rules) * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules) * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules) * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules) * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (browser-other.rules) * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules) * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (server-apache.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules) * 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (file-office.rules) * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (file-pdf.rules) * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (file-pdf.rules) * 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules) * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules) * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (browser-webkit.rules) * 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (file-pdf.rules) * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules) * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (server-apache.rules) * 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (file-multimedia.rules) * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (os-windows.rules) * 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (os-windows.rules) * 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (malware-tools.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules) * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules) * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (indicator-compromise.rules) * 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell security information display (indicator-compromise.rules) * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (indicator-compromise.rules) * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (indicator-compromise.rules) * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (indicator-compromise.rules) * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (indicator-compromise.rules) * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (indicator-compromise.rules) * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (indicator-compromise.rules) * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (indicator-compromise.rules) * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (indicator-compromise.rules) * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security information page (indicator-compromise.rules) * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (indicator-compromise.rules) * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (indicator-compromise.rules) * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (indicator-compromise.rules) * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (indicator-compromise.rules) * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (indicator-compromise.rules) * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (indicator-compromise.rules) * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules) * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules) * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https spoofing attempt (browser-chrome.rules) * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules) * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (file-executable.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules) * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (browser-webkit.rules) * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules) * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules) * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (malware-other.rules) * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (malware-other.rules) * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules) * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (os-windows.rules) * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules) * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules) * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules) * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for version.dll over SMB attempt (file-other.rules) * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (file-flash.rules) * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (file-flash.rules) * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-other.rules) * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (file-flash.rules) * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (file-flash.rules) * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (server-apache.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (server-apache.rules) * 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules) * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules) * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules) * 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (browser-firefox.rules) * 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules) * 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules) * 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (browser-other.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules) * 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules) * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules) * 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (browser-chrome.rules) * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules) * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules) * 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (app-detect.rules) * 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (file-other.rules) * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules) * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules) * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules) * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules) * 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (exploit-kit.rules) * 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (exploit-kit.rules) * 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (malware-backdoor.rules) * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules) * 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (server-apache.rules) * 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules) * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules) * 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (malware-backdoor.rules) * 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules) * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules) * 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules) * 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules) * 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules) * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules) * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules) * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules) * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules) * 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules) * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (policy-spam.rules) * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules) * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules) * 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (pua-adware.rules) * 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (pua-adware.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules) * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules) * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules) * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (exploit-kit.rules) * 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules) * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules) * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules) * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules) * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21789 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules) * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (malware-other.rules) * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (server-apache.rules) * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (pua-adware.rules) * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules) * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (indicator-compromise.rules) * 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (malware-other.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules) * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules) * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules) * 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules) * 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (malware-backdoor.rules) * 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules) * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules) * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules) * 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (malware-other.rules) * 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (indicator-obfuscation.rules) * 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (indicator-obfuscation.rules) * 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (os-windows.rules) * 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (os-windows.rules) * 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (malware-backdoor.rules) * 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (indicator-compromise.rules) * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules) * 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules) * 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (indicator-compromise.rules) * 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (indicator-compromise.rules) * 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (file-pdf.rules) * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (browser-firefox.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules) * 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (indicator-obfuscation.rules) * 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (indicator-obfuscation.rules) * 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval (indicator-obfuscation.rules) * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (indicator-obfuscation.rules) * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (indicator-obfuscation.rules) * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (server-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules) * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules) * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules) * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules) * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules) * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules) * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (exploit-kit.rules) * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules) * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules) * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules) * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:23161 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules) * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (indicator-compromise.rules) * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules) * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules) * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (indicator-obfuscation.rules) * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules) * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (pua-adware.rules) * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (pua-adware.rules) * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (file-office.rules) * 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (file-office.rules) * 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (malware-backdoor.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules) * 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules) * 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (pua-adware.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules) * 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (os-windows.rules) * 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (server-mail.rules) * 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (indicator-compromise.rules) * 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (indicator-compromise.rules) * 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (indicator-compromise.rules) * 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (browser-firefox.rules) * 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (browser-chrome.rules) * 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (indicator-obfuscation.rules) * 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (indicator-obfuscation.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (file-other.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules) * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules) * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules) * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules) * 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (malware-other.rules) * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules) * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules) * 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (browser-firefox.rules) * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules) * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (malware-other.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (indicator-compromise.rules) * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (indicator-compromise.rules) * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (malware-other.rules) * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (os-windows.rules) * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules) * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23884 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23919 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (sql.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules) * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules) * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules) * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules) * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules) * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules) * 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (malware-other.rules) * 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules) * 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (pua-adware.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules) * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules) * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules) * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules) * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules) * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules) * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules) * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules) * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules) * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules) * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules) * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules) * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules) * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules) * 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (indicator-obfuscation.rules) * 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (indicator-obfuscation.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (malware-other.rules) * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (server-other.rules) * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules) * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules) * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (malware-other.rules) * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules) * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules) * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting attempt (server-other.rules) * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules) * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules) * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules) * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules) * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules) * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules) * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules) * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules) * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (protocol-dns.rules) * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules) * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (server-apache.rules) * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (malware-other.rules) * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules) * 1:24344 <-> ENABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (exploit-kit.rules) * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules) * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (indicator-compromise.rules) * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (indicator-compromise.rules) * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (indicator-compromise.rules) * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php (indicator-compromise.rules) * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (indicator-compromise.rules) * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (indicator-compromise.rules) * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (indicator-compromise.rules) * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules) * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules) * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (app-detect.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (os-windows.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules) * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules) * 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules) * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules) * 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (malware-backdoor.rules) * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules) * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules) * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (exploit-kit.rules) * 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:24787 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (exploit-kit.rules) * 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (exploit-kit.rules) * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (exploit-kit.rules) * 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (exploit-kit.rules) * 1:24791 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (exploit-kit.rules) * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (server-other.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules) * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules) * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (server-mysql.rules) * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (server-mysql.rules) * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (exploit-kit.rules) * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (exploit-kit.rules) * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (exploit-kit.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules) * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules) * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules) * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (exploit-kit.rules) * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules) * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (indicator-obfuscation.rules) * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (app-detect.rules) * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (app-detect.rules) * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (malware-other.rules) * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules) * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules) * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (server-other.rules) * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (server-other.rules) * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (malware-backdoor.rules) * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (file-other.rules) * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules) * 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (malware-other.rules) * 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (malware-backdoor.rules) * 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (server-other.rules) * 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules) * 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules) * 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules) * 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules) * 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules) * 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules) * 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules) * 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules) * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules) * 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (server-other.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25467 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (server-other.rules) * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules) * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules) * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules) * 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (os-mobile.rules) * 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (os-mobile.rules) * 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (os-mobile.rules) * 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (os-mobile.rules) * 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (os-mobile.rules) * 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (os-mobile.rules) * 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (os-mobile.rules) * 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (os-other.rules) * 1:25536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (server-other.rules) * 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (server-other.rules) * 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (server-other.rules) * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules) * 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (exploit-kit.rules) * 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (os-windows.rules) * 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (malware-other.rules) * 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (malware-other.rules) * 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules) * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (malware-other.rules) * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (file-flash.rules) * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (exploit-kit.rules) * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious PDF retrieval (exploit-kit.rules) * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (exploit-kit.rules) * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (exploit-kit.rules) * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (server-other.rules) * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (server-other.rules) * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (server-other.rules) * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (server-other.rules) * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (indicator-compromise.rules) * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (indicator-compromise.rules) * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (indicator-compromise.rules) * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (indicator-compromise.rules) * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (indicator-compromise.rules) * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (indicator-compromise.rules) * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (indicator-compromise.rules) * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (indicator-compromise.rules) * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (indicator-compromise.rules) * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (indicator-compromise.rules) * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (indicator-compromise.rules) * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (indicator-compromise.rules) * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (indicator-compromise.rules) * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules) * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules) * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (app-detect.rules) * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (exploit-kit.rules) * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (policy-other.rules) * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (policy-other.rules) * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (policy-other.rules) * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (app-detect.rules) * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules) * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules) * 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules) * 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules) * 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules) * 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (exploit-kit.rules) * 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (os-mobile.rules) * 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (exploit-kit.rules) * 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (exploit-kit.rules) * 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (exploit-kit.rules) * 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (exploit-kit.rules) * 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (exploit-kit.rules) * 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (exploit-kit.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules) * 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules) * 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules) * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules) * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules) * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules) * 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules) * 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (app-detect.rules) * 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (app-detect.rules) * 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules) * 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules) * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules) * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (netbios.rules) * 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (exploit-kit.rules) * 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (malware-backdoor.rules) * 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (malware-backdoor.rules) * 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (malware-backdoor.rules) * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules) * 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (file-other.rules) * 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (indicator-compromise.rules) * 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (exploit-kit.rules) * 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (malware-other.rules) * 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (server-other.rules) * 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (file-executable.rules) * 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (server-other.rules) * 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules) * 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules) * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (app-detect.rules) * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules) * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules) * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules) * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules) * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules) * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules) * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules) * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (indicator-obfuscation.rules) * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (malware-other.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules) * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules) * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (indicator-compromise.rules) * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules) * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (indicator-compromise.rules) * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (server-other.rules) * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (pua-adware.rules) * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (os-other.rules) * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (exploit-kit.rules) * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (indicator-compromise.rules) * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (server-other.rules) * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (exploit-kit.rules) * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (file-other.rules) * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (indicator-obfuscation.rules) * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (indicator-obfuscation.rules) * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (server-other.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules) * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules) * 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (malware-backdoor.rules) * 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (browser-webkit.rules) * 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (browser-firefox.rules) * 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (malware-other.rules) * 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules) * 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules) * 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules) * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26755 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules) * 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules) * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules) * 1:26772 <-> ENABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (server-other.rules) * 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (malware-backdoor.rules) * 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules) * 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules) * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules) * 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (malware-other.rules) * 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (malware-other.rules) * 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (exploit-kit.rules) * 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules) * 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules) * 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules) * 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (exploit-kit.rules) * 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (malware-backdoor.rules) * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules) * 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules) * 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (exploit-kit.rules) * 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (exploit-kit.rules) * 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (exploit-kit.rules) * 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (exploit-kit.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (server-other.rules) * 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules) * 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules) * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (exploit-kit.rules) * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (exploit-kit.rules) * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules) * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules) * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules) * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules) * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (exploit-kit.rules) * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules) * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules) * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules) * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules) * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (exploit-kit.rules) * 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:27005 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (exploit-kit.rules) * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules) * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules) * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (os-mobile.rules) * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (os-mobile.rules) * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (os-mobile.rules) * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (os-mobile.rules) * 1:27046 <-> DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (app-detect.rules) * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (indicator-compromise.rules) * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (malware-other.rules) * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (malware-other.rules) * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile device information leakage (os-mobile.rules) * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (exploit-kit.rules) * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (exploit-kit.rules) * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (exploit-kit.rules) * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (exploit-kit.rules) * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (exploit-kit.rules) * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (exploit-kit.rules) * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (exploit-kit.rules) * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (os-mobile.rules) * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (os-mobile.rules) * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (os-mobile.rules) * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (os-mobile.rules) * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (os-mobile.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules) * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (exploit-kit.rules) * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules) * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (os-mobile.rules) * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms message leakage (os-mobile.rules) * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (os-mobile.rules) * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (indicator-obfuscation.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules) * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules) * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (malware-other.rules) * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (malware-other.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules) * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules) * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (exploit-kit.rules) * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (malware-other.rules) * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (indicator-compromise.rules) * 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (server-other.rules) * 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (server-other.rules) * 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (exploit-kit.rules) * 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules) * 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (app-detect.rules) * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules) * 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (app-detect.rules) * 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (app-detect.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules) * 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (malware-other.rules) * 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules) * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules) * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules) * 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (malware-other.rules) * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules) * 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (policy-spam.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules) * 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules) * 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (os-windows.rules) * 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (app-detect.rules) * 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (app-detect.rules) * 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (app-detect.rules) * 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (exploit-kit.rules) * 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (indicator-compromise.rules) * 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (os-mobile.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules) * 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (exploit-kit.rules) * 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (exploit-kit.rules) * 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (exploit-kit.rules) * 1:27739 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (exploit-kit.rules) * 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27764 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (exploit-kit.rules) * 1:27786 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules) * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (exploit-kit.rules) * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (exploit-kit.rules) * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (pua-adware.rules) * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (pua-adware.rules) * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (pua-adware.rules) * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (pua-toolbars.rules) * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (pua-toolbars.rules) * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules) * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (app-detect.rules) * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (app-detect.rules) * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (app-detect.rules) * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (app-detect.rules) * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (app-detect.rules) * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (app-detect.rules) * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (app-detect.rules) * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (app-detect.rules) * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (app-detect.rules) * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (app-detect.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules) * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules) * 1:27936 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (exploit-kit.rules) * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (protocol-dns.rules) * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (app-detect.rules) * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (app-detect.rules) * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (app-detect.rules) * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (app-detect.rules) * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (app-detect.rules) * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (app-detect.rules) * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (app-detect.rules) * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (app-detect.rules) * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (app-detect.rules) * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (app-detect.rules) * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (app-detect.rules) * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (app-detect.rules) * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (app-detect.rules) * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (app-detect.rules) * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (indicator-scan.rules) * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (indicator-scan.rules) * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (malware-other.rules) * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (exploit-kit.rules) * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (exploit-kit.rules) * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (exploit-kit.rules) * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (os-mobile.rules) * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules) * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules) * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (app-detect.rules) * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (app-detect.rules) * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (app-detect.rules) * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (app-detect.rules) * 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules) * 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (server-other.rules) * 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (server-other.rules) * 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (exploit-kit.rules) * 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (pua-adware.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (server-other.rules) * 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (pua-adware.rules) * 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules) * 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (exploit-kit.rules) * 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (server-other.rules) * 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (exploit-kit.rules) * 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules) * 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (app-detect.rules) * 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules) * 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (exploit-kit.rules) * 1:28265 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (exploit-kit.rules) * 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (protocol-icmp.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules) * 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (exploit-kit.rules) * 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules) * 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules) * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules) * 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (malware-other.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules) * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (exploit-kit.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (exploit-kit.rules) * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (malware-other.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (pua-adware.rules) * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (malware-tools.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port (indicator-scan.rules) * 1:28555 <-> DISABLED <-> MALWARE-OTHER SQL Slammer worm propagation attempt inbound (malware-other.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (exploit-kit.rules) * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28601 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (exploit-kit.rules) * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (exploit-kit.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (exploit-kit.rules) * 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (exploit-kit.rules) * 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (exploit-kit.rules) * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (pua-adware.rules) * 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (malware-backdoor.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules) * 1:28926 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (pua-adware.rules) * 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (indicator-compromise.rules) * 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (exploit-kit.rules) * 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (exploit-kit.rules) * 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (exploit-kit.rules) * 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (exploit-kit.rules) * 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (exploit-kit.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules) * 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29025 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29051 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Descrantol variant data exfiltration attempt (malware-backdoor.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (malware-backdoor.rules) * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (malware-tools.rules) * 1:29124 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.InstallMonster variant outbound connection (malware-other.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (exploit-kit.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (exploit-kit.rules) * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (exploit-kit.rules) * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules) * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules) * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules) * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules) * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules) * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules) * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules) * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules) * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules) * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules) * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (protocol-scada.rules) * 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (protocol-scada.rules) * 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (protocol-scada.rules) * 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (protocol-scada.rules) * 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (protocol-scada.rules) * 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (protocol-scada.rules) * 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (app-detect.rules) * 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (app-detect.rules) * 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (pua-p2p.rules) * 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (exploit-kit.rules) * 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (malware-other.rules) * 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (app-detect.rules) * 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (server-other.rules) * 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules) * 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules) * 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules) * 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules) * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules) * 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (exploit-kit.rules) * 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (protocol-icmp.rules) * 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (protocol-icmp.rules) * 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (protocol-icmp.rules) * 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (protocol-icmp.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (pua-adware.rules) * 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (pua-adware.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (os-other.rules) * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (server-iis.rules) * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (indicator-obfuscation.rules) * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules) * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (server-other.rules) * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (server-other.rules) * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (server-other.rules) * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (indicator-obfuscation.rules) * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules) * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (exploit-kit.rules) * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules) * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (malware-backdoor.rules) * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (server-apache.rules) * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (malware-other.rules) * 1:29926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:29938 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (server-other.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules) * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (server-other.rules) * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (server-other.rules) * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (protocol-scada.rules) * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules) * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (protocol-scada.rules) * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (protocol-scada.rules) * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (pua-adware.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules) * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (exploit-kit.rules) * 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (malware-other.rules) * 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (malware-other.rules) * 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (app-detect.rules) * 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (server-mail.rules) * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (indicator-shellcode.rules) * 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (indicator-shellcode.rules) * 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (indicator-shellcode.rules) * 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (pua-adware.rules) * 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (pua-adware.rules) * 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (browser-chrome.rules) * 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (app-detect.rules) * 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (app-detect.rules) * 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (malware-other.rules) * 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (malware-other.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules) * 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (exploit-kit.rules) * 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (malware-other.rules) * 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (os-linux.rules) * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (server-other.rules) * 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (server-other.rules) * 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (server-other.rules) * 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (indicator-shellcode.rules) * 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (indicator-shellcode.rules) * 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (indicator-shellcode.rules) * 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (indicator-shellcode.rules) * 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (indicator-shellcode.rules) * 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (indicator-shellcode.rules) * 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (indicator-shellcode.rules) * 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (indicator-shellcode.rules) * 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (indicator-shellcode.rules) * 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (indicator-shellcode.rules) * 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (indicator-shellcode.rules) * 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (indicator-shellcode.rules) * 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (indicator-shellcode.rules) * 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (indicator-shellcode.rules) * 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (indicator-shellcode.rules) * 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (indicator-shellcode.rules) * 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (indicator-shellcode.rules) * 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (indicator-shellcode.rules) * 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (indicator-shellcode.rules) * 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (indicator-shellcode.rules) * 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (indicator-shellcode.rules) * 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (indicator-shellcode.rules) * 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (indicator-shellcode.rules) * 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (indicator-shellcode.rules) * 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (indicator-shellcode.rules) * 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (indicator-shellcode.rules) * 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (indicator-shellcode.rules) * 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (indicator-shellcode.rules) * 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (indicator-shellcode.rules) * 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (indicator-shellcode.rules) * 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (indicator-shellcode.rules) * 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (indicator-shellcode.rules) * 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (indicator-shellcode.rules) * 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (indicator-shellcode.rules) * 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (indicator-shellcode.rules) * 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (indicator-shellcode.rules) * 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (indicator-shellcode.rules) * 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (indicator-shellcode.rules) * 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (indicator-shellcode.rules) * 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (indicator-shellcode.rules) * 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (indicator-shellcode.rules) * 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (indicator-shellcode.rules) * 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (indicator-shellcode.rules) * 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (indicator-shellcode.rules) * 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (indicator-shellcode.rules) * 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (indicator-shellcode.rules) * 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (indicator-shellcode.rules) * 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (indicator-shellcode.rules) * 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (indicator-shellcode.rules) * 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (indicator-shellcode.rules) * 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (indicator-shellcode.rules) * 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (indicator-shellcode.rules) * 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (indicator-shellcode.rules) * 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (indicator-shellcode.rules) * 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (indicator-shellcode.rules) * 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (indicator-shellcode.rules) * 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (indicator-shellcode.rules) * 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (indicator-shellcode.rules) * 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (indicator-shellcode.rules) * 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (indicator-shellcode.rules) * 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (indicator-shellcode.rules) * 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (indicator-shellcode.rules) * 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (indicator-shellcode.rules) * 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (indicator-shellcode.rules) * 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (indicator-shellcode.rules) * 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (indicator-shellcode.rules) * 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (indicator-shellcode.rules) * 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (indicator-shellcode.rules) * 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (indicator-shellcode.rules) * 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (indicator-shellcode.rules) * 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (indicator-shellcode.rules) * 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (indicator-shellcode.rules) * 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (indicator-shellcode.rules) * 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (indicator-shellcode.rules) * 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (indicator-shellcode.rules) * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (indicator-shellcode.rules) * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (indicator-shellcode.rules) * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (indicator-shellcode.rules) * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (indicator-shellcode.rules) * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (indicator-shellcode.rules) * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (indicator-shellcode.rules) * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules) * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (indicator-shellcode.rules) * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (indicator-shellcode.rules) * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (indicator-shellcode.rules) * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (indicator-shellcode.rules) * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (indicator-shellcode.rules) * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (indicator-shellcode.rules) * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules) * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (server-other.rules) * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join heap overflow attempt (server-other.rules) * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (server-other.rules) * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (server-other.rules) * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (protocol-scada.rules) * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (malware-other.rules) * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (pua-toolbars.rules) * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (exploit-kit.rules) * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30781 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30787 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30788 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules) * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (exploit-kit.rules) * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (app-detect.rules) * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (app-detect.rules) * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (app-detect.rules) * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (app-detect.rules) * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (app-detect.rules) * 1:30858 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (app-detect.rules) * 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (app-detect.rules) * 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (app-detect.rules) * 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (app-detect.rules) * 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (app-detect.rules) * 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (app-detect.rules) * 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (app-detect.rules) * 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (app-detect.rules) * 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (app-detect.rules) * 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (app-detect.rules) * 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (app-detect.rules) * 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (app-detect.rules) * 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (app-detect.rules) * 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (app-detect.rules) * 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (app-detect.rules) * 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (app-detect.rules) * 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (app-detect.rules) * 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (app-detect.rules) * 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (exploit-kit.rules) * 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (file-other.rules) * 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (exploit-kit.rules) * 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (pua-adware.rules) * 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (pua-adware.rules) * 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (exploit-kit.rules) * 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (exploit-kit.rules) * 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules) * 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (malware-backdoor.rules) * 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (server-mail.rules) * 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (exploit-kit.rules) * 1:30965 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (exploit-kit.rules) * 1:30967 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (exploit-kit.rules) * 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (exploit-kit.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:30975 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30976 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (server-other.rules) * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (pua-adware.rules) * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (protocol-scada.rules) * 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (pua-adware.rules) * 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (server-other.rules) * 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (pua-adware.rules) * 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (pua-adware.rules) * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules) * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules) * 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (pua-toolbars.rules) * 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (pua-toolbars.rules) * 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (pua-toolbars.rules) * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules) * 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (pua-adware.rules) * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules) * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules) * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules) * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules) * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules) * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules) * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (server-other.rules) * 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (indicator-compromise.rules) * 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (indicator-compromise.rules) * 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (os-windows.rules) * 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (exploit-kit.rules) * 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules) * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules) * 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules) * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules) * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules) * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (exploit-kit.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (exploit-kit.rules) * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules) * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules) * 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules) * 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (file-flash.rules) * 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31678 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules) * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules) * 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules) * 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules) * 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules) * 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (server-other.rules) * 1:31732 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (exploit-kit.rules) * 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (server-other.rules) * 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (malware-backdoor.rules) * 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (server-other.rules) * 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (server-other.rules) * 1:31769 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (exploit-kit.rules) * 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (exploit-kit.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (malware-other.rules) * 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31840 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules) * 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (server-other.rules) * 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (exploit-kit.rules) * 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (exploit-kit.rules) * 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (malware-other.rules) * 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules) * 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (malware-backdoor.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (file-flash.rules) * 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (pua-adware.rules) * 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (pua-adware.rules) * 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (pua-adware.rules) * 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (pua-adware.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32147 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32148 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32167 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules) * 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (malware-backdoor.rules) * 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (malware-backdoor.rules) * 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (malware-backdoor.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules) * 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules) * 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (pua-adware.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (file-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32387 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (exploit-kit.rules) * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32416 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (os-windows.rules) * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (os-windows.rules) * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32468 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32502 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (server-mysql.rules) * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (exploit-kit.rules) * 1:32558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32570 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules) * 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (protocol-tftp.rules) * 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (exploit-kit.rules) * 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (exploit-kit.rules) * 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (exploit-kit.rules) * 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (server-other.rules) * 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules) * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules) * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (server-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (server-other.rules) * 1:32749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32766 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (sql.rules) * 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (malware-other.rules) * 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (malware-other.rules) * 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (app-detect.rules) * 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (app-detect.rules) * 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (app-detect.rules) * 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (app-detect.rules) * 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (app-detect.rules) * 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (app-detect.rules) * 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (app-detect.rules) * 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (app-detect.rules) * 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (app-detect.rules) * 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (app-detect.rules) * 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (malware-tools.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32879 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (exploit-kit.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules) * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules) * 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules) * 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (malware-tools.rules) * 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (malware-tools.rules) * 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (malware-tools.rules) * 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules) * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (malware-other.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (exploit-kit.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (file-flash.rules) * 1:33176 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules) * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules) * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules) * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (indicator-compromise.rules) * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (indicator-compromise.rules) * 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33286 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (pua-adware.rules) * 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (pua-adware.rules) * 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (os-windows.rules) * 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (app-detect.rules) * 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (protocol-voip.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:33454 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (server-other.rules) * 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (server-mail.rules) * 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (file-other.rules) * 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold connection exhaustion denial of service attempt (server-other.rules) * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules) * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (browser-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (file-other.rules) * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (server-other.rules) * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (os-windows.rules) * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (server-other.rules) * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (server-mail.rules) * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (server-other.rules) * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (server-other.rules) * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (server-other.rules) * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (server-mail.rules) * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33823 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (malware-backdoor.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (malware-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (server-other.rules) * 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules) * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules) * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules) * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules) * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules) * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules) * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules) * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules) * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules) * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules) * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (pua-adware.rules) * 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (pua-adware.rules) * 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (pua-adware.rules) * 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (pua-adware.rules) * 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules) * 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules) * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules) * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (sql.rules) * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (server-other.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules) * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (server-other.rules) * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules) * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules) * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules) * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules) * 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules) * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules) * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules) * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules) * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules) * 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules) * 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules) * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules) * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules) * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules) * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules) * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (server-other.rules) * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (pua-adware.rules) * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (server-other.rules) * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt (server-other.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35045 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (exploit-kit.rules) * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (exploit-kit.rules) * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules) * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules) * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (file-office.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules) * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (file-office.rules) * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules) * 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)
* 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (sql.rules) * 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (server-samba.rules) * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules) * 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:40893 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules) * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (app-detect.rules) * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules) * 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (malware-other.rules) * 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (server-other.rules) * 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (indicator-obfuscation.rules) * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules) * 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules) * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request (protocol-scada.rules) * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules) * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (sql.rules) * 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules) * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (protocol-scada.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules) * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (server-apache.rules) * 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules) * 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (pua-adware.rules) * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:39799 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules) * 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (pua-adware.rules) * 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (os-windows.rules) * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:48342 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (exploit-kit.rules) * 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules) * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (malware-other.rules) * 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules) * 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules) * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules) * 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (server-other.rules) * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:49009 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (protocol-scada.rules) * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules) * 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (server-other.rules) * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules) * 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules) * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (file-other.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (protocol-scada.rules) * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules) * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (server-other.rules) * 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules) * 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules) * 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (malware-backdoor.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules) * 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (server-other.rules) * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules) * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules) * 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (server-other.rules) * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (protocol-scada.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules) * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (server-other.rules) * 1:37330 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (pua-adware.rules) * 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (protocol-tftp.rules) * 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules) * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:37340 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules) * 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (server-other.rules) * 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules) * 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (file-office.rules) * 1:37333 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules) * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules) * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:37335 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (indicator-obfuscation.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules) * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (server-other.rules) * 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (server-other.rules) * 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (server-other.rules) * 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (server-other.rules) * 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules) * 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules) * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules) * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (indicator-compromise.rules) * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (file-other.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules) * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules) * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (browser-firefox.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules) * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules) * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules) * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules) * 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules) * 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (browser-other.rules) * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules) * 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules) * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (protocol-scada.rules) * 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (malware-backdoor.rules) * 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (indicator-compromise.rules) * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (protocol-scada.rules) * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (protocol-scada.rules) * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (server-other.rules) * 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (server-other.rules) * 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules) * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules) * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (malware-other.rules) * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules) * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (server-other.rules) * 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules) * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules) * 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (server-samba.rules) * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules) * 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (protocol-scada.rules) * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request (protocol-scada.rules) * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (os-windows.rules) * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:37338 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules) * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (protocol-scada.rules) * 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules) * 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (pua-adware.rules) * 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (server-other.rules) * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (server-other.rules) * 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (protocol-rpc.rules) * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (protocol-ftp.rules) * 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules) * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:37334 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (indicator-obfuscation.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules) * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (server-other.rules) * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request (protocol-scada.rules) * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (server-other.rules) * 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules) * 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (malware-other.rules) * 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules) * 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules) * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (exploit-kit.rules) * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules) * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (malware-tools.rules) * 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules) * 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules) * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:37328 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules) * 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules) * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (protocol-scada.rules) * 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules) * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (server-other.rules) * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (file-image.rules) * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (server-other.rules) * 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (server-other.rules) * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules) * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (indicator-compromise.rules) * 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules) * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (indicator-shellcode.rules) * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (file-identify.rules) * 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (server-other.rules) * 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules) * 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (server-apache.rules) * 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (protocol-dns.rules) * 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (protocol-scada.rules) * 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules) * 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential disclosure attempt (server-apache.rules) * 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules) * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request (protocol-scada.rules) * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection (malware-backdoor.rules) * 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (pua-other.rules) * 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (server-other.rules) * 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules) * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (server-other.rules) * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (indicator-compromise.rules) * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules) * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (sql.rules) * 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (pua-other.rules) * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules) * 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (file-flash.rules) * 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (server-other.rules) * 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules) * 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules) * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules) * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules) * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (exploit-kit.rules) * 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules) * 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules) * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (protocol-scada.rules) * 1:37337 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (protocol-scada.rules) * 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (malware-other.rules) * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules) * 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:37619 <-> DISABLED <-> SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (server-other.rules) * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request (protocol-scada.rules) * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (server-other.rules) * 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules) * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules) * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules) * 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules) * 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (malware-other.rules) * 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules) * 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules) * 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (exploit-kit.rules) * 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules) * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules) * 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules) * 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (server-other.rules) * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (server-other.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (server-samba.rules) * 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (file-flash.rules) * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:38327 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (protocol-scada.rules) * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (file-identify.rules) * 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules) * 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (server-other.rules) * 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules) * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (server-other.rules) * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection (malware-backdoor.rules) * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules) * 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules) * 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules) * 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules) * 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (server-other.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules) * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (server-other.rules) * 1:37339 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules) * 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request (protocol-scada.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (server-other.rules) * 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (protocol-scada.rules) * 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules) * 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules) * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (server-other.rules) * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules) * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules) * 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (protocol-scada.rules) * 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules) * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules) * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules) * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules) * 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules) * 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (exploit-kit.rules) * 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules) * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request (protocol-scada.rules) * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules) * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules) * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules) * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules) * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules) * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (netbios.rules) * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules) * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (pua-adware.rules) * 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules) * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request (protocol-scada.rules) * 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (indicator-scan.rules) * 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules) * 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules) * 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules) * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (indicator-compromise.rules) * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request (protocol-scada.rules) * 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules) * 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (browser-other.rules) * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules) * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (protocol-scada.rules) * 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (browser-firefox.rules) * 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules) * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (browser-chrome.rules) * 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules) * 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules) * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules) * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (protocol-scada.rules) * 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (protocol-scada.rules) * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules) * 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules) * 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules) * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file detected (file-identify.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules) * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (file-office.rules) * 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (server-samba.rules) * 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (server-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules) * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules) * 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (malware-other.rules) * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules) * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (protocol-scada.rules) * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules) * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules) * 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules) * 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules) * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (server-other.rules) * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (pua-adware.rules) * 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules) * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password retrieval attempt (protocol-scada.rules) * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (protocol-ftp.rules) * 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules) * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules) * 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules) * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:37341 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules) * 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules) * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules) * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules) * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules) * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request (protocol-scada.rules) * 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules) * 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (indicator-compromise.rules) * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (protocol-tftp.rules) * 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules) * 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules) * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (indicator-compromise.rules) * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (malware-tools.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII request (protocol-scada.rules) * 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (server-other.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules) * 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules) * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules) * 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules) * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules) * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules) * 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules) * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules) * 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules) * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (protocol-scada.rules) * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (server-other.rules) * 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (protocol-scada.rules) * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules) * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (pua-adware.rules) * 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:37342 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (server-other.rules) * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules) * 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules) * 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (server-other.rules) * 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules) * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules) * 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules) * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (protocol-scada.rules) * 1:36315 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules) * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (browser-firefox.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules) * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (server-mail.rules) * 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules) * 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules) * 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules) * 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules) * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (protocol-scada.rules) * 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (indicator-compromise.rules) * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules) * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (pua-adware.rules) * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request (protocol-scada.rules) * 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules) * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (protocol-other.rules) * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request (protocol-scada.rules) * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (pua-adware.rules) * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (server-other.rules) * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (pua-other.rules) * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (malware-tools.rules) * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (pua-toolbars.rules) * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules) * 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules) * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (server-other.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (protocol-scada.rules) * 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules) * 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules) * 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules) * 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules) * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules) * 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules) * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules) * 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (protocol-nntp.rules) * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (server-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules) * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules) * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (app-detect.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (server-other.rules) * 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules) * 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules) * 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules) * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules) * 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules) * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules) * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:44109 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules) * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request (protocol-scada.rules) * 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules) * 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (protocol-scada.rules) * 1:44124 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules) * 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules) * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (protocol-scada.rules) * 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (browser-firefox.rules) * 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (server-other.rules) * 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules) * 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules) * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (file-other.rules) * 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules) * 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules) * 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules) * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules) * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (server-other.rules) * 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (malware-other.rules) * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules) * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules) * 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules) * 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:37654 <-> DISABLED <-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (os-linux.rules) * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules) * 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (sql.rules) * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (file-other.rules) * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (protocol-scada.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules) * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (server-other.rules) * 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules) * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (protocol-scada.rules) * 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules) * 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules) * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules) * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules) * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules) * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules) * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules) * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules) * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules) * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules) * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules) * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (protocol-scada.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules) * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules) * 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules) * 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (indicator-compromise.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules) * 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules) * 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules) * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (protocol-scada.rules) * 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (server-other.rules) * 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules) * 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (indicator-compromise.rules) * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (os-windows.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:43541 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (protocol-scada.rules) * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (server-other.rules) * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (server-other.rules) * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules) * 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (server-mail.rules) * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules) * 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (server-other.rules) * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (file-office.rules) * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules) * 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request (protocol-scada.rules) * 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (indicator-compromise.rules) * 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules) * 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules) * 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules) * 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (malware-other.rules) * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (server-other.rules) * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules) * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules) * 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules) * 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (browser-other.rules) * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request (protocol-scada.rules) * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules) * 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (server-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (protocol-scada.rules) * 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules) * 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (pua-adware.rules) * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules) * 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules) * 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (server-other.rules) * 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules) * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules) * 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules) * 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (server-other.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules) * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules) * 1:43540 <-> DISABLED <-> FILE-OTHER Aktiv Player wma file buffer overflow attempt (file-other.rules) * 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules) * 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules) * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules) * 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules) * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (pua-other.rules) * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (indicator-compromise.rules) * 1:36500 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules) * 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules) * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules) * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request (protocol-scada.rules) * 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules) * 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (netbios.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (pua-adware.rules) * 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (protocol-tftp.rules) * 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules) * 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules) * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (protocol-scada.rules) * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules) * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (indicator-compromise.rules) * 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules) * 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules) * 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (file-other.rules) * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules) * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (protocol-scada.rules) * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (server-other.rules) * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:43221 <-> ENABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (protocol-scada.rules) * 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules) * 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules) * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules) * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules) * 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules) * 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules) * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (indicator-obfuscation.rules) * 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules) * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (pua-other.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules) * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request (protocol-scada.rules) * 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules) * 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (indicator-compromise.rules) * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules) * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules) * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (app-detect.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules) * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules) * 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules) * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (indicator-compromise.rules) * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules) * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules) * 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules) * 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules) * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules) * 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (malware-other.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules) * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules) * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (server-other.rules) * 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules) * 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules) * 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (server-other.rules) * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (server-other.rules) * 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules) * 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules) * 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (indicator-compromise.rules) * 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules) * 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules) * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (netbios.rules) * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (malware-other.rules) * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules) * 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules) * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (pua-adware.rules) * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (protocol-scada.rules) * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (malware-other.rules) * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules) * 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (protocol-scada.rules) * 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules) * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules) * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules) * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules) * 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (malware-other.rules) * 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules) * 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (netbios.rules) * 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules) * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request (protocol-scada.rules) * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules) * 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules) * 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules) * 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:45545 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Mughthesec outbound connection attempt (pua-adware.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco WebEx explicit use of web plugin (policy-other.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules) * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (protocol-scada.rules) * 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (server-mail.rules) * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules) * 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (exploit-kit.rules) * 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules) * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules) * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules) * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request (protocol-scada.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules) * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules) * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules) * 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules) * 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (exploit-kit.rules) * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (protocol-scada.rules) * 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (file-other.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules) * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules) * 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (indicator-compromise.rules) * 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (protocol-scada.rules) * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules) * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules) * 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules) * 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (malware-backdoor.rules) * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (server-other.rules) * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules) * 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules) * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (app-detect.rules) * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules) * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules) * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules) * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules) * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules) * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request (protocol-scada.rules) * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (file-office.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (file-office.rules) * 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (server-mail.rules) * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules) * 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules) * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules) * 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (protocol-scada.rules) * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (server-other.rules) * 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request (protocol-scada.rules) * 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules) * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules) * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (os-windows.rules) * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules) * 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (malware-backdoor.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (os-windows.rules) * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules) * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules) * 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (protocol-scada.rules) * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules) * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules) * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules) * 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules) * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules) * 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules) * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules) * 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules) * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules) * 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules) * 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules) * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (pua-adware.rules) * 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules) * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules) * 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules) * 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules) * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules) * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules) * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (protocol-scada.rules) * 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules) * 1:44839 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (server-other.rules) * 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules) * 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules) * 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules) * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules) * 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules) * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules) * 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules) * 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules) * 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (pua-adware.rules) * 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (server-other.rules) * 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules) * 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (file-other.rules) * 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules) * 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules) * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules) * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules) * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (server-other.rules) * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules) * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (server-mssql.rules) * 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (file-other.rules) * 1:40171 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules) * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules) * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules) * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules) * 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (server-other.rules) * 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules) * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt (server-other.rules) * 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules) * 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules) * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (os-windows.rules) * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules) * 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (indicator-compromise.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules) * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (file-other.rules) * 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules) * 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules) * 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules) * 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules) * 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (app-detect.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules) * 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules) * 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules) * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules) * 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules) * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (pua-other.rules) * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules) * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules) * 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules) * 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules) * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules) * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules) * 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules) * 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules) * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules) * 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules) * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules) * 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:36531 <-> ENABLED <-> FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:37336 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules) * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules) * 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules) * 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (file-other.rules) * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules) * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules) * 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules) * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request (protocol-scada.rules) * 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules) * 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules) * 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules) * 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules) * 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules) * 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules) * 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (protocol-ftp.rules) * 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules) * 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules) * 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules) * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules) * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules) * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules) * 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules) * 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (server-other.rules) * 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (pua-adware.rules) * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules) * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules) * 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (file-other.rules) * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (server-other.rules) * 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (protocol-scada.rules) * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (netbios.rules) * 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules) * 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (protocol-scada.rules) * 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules) * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules) * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules) * 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules) * 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (indicator-compromise.rules) * 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules) * 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules) * 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules) * 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules) * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (netbios.rules) * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules) * 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules) * 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules) * 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (server-other.rules) * 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules) * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules) * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (app-detect.rules) * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules) * 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (server-other.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules) * 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (protocol-tftp.rules) * 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules) * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules) * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (browser-chrome.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules) * 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules) * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules) * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response (server-apache.rules) * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules) * 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules) * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules) * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules) * 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules) * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules) * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules) * 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules) * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules) * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules) * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules) * 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules) * 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules) * 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules) * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules) * 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules) * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules) * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules) * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules) * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules) * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules) * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules) * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules) * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules) * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules) * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules) * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules) * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules) * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11001 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules) * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules) * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules) * 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules) * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules) * 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules) * 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules) * 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (server-apache.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules) * 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (server-apache.rules) * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules) * 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules) * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules) * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules) * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules) * 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules) * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules) * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules) * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules) * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules) * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules) * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules) * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules) * 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules) * 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules) * 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules) * 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules) * 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (os-windows.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules) * 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules) * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules) * 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules) * 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules) * 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules) * 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules) * 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules) * 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules) * 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules) * 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules) * 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules) * 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules) * 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules) * 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules) * 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules) * 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules) * 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules) * 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules) * 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules) * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules) * 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules) * 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules) * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules) * 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules) * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules) * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules) * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules) * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules) * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules) * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules) * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules) * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules) * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules) * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules) * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12237 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules) * 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules) * 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules) * 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules) * 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules) * 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules) * 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules) * 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules) * 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules) * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules) * 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules) * 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules) * 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules) * 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules) * 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules) * 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules) * 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules) * 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules) * 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules) * 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules) * 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules) * 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules) * 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules) * 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules) * 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (malware-other.rules) * 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules) * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules) * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules) * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules) * 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules) * 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules) * 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules) * 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (malware-other.rules) * 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules) * 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules) * 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules) * 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules) * 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules) * 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules) * 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules) * 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules) * 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules) * 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules) * 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules) * 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules) * 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules) * 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules) * 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules) * 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules) * 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules) * 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules) * 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules) * 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules) * 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules) * 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules) * 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules) * 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules) * 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules) * 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules) * 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules) * 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules) * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules) * 1:12626 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules) * 1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules) * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules) * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules) * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules) * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules) * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules) * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules) * 1:12677 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules) * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules) * 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules) * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules) * 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules) * 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules) * 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules) * 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules) * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules) * 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules) * 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules) * 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules) * 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules) * 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules) * 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules) * 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules) * 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules) * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules) * 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules) * 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules) * 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules) * 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules) * 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules) * 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules) * 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules) * 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules) * 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules) * 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules) * 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules) * 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules) * 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules) * 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules) * 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules) * 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules) * 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules) * 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules) * 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules) * 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules) * 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules) * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules) * 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules) * 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules) * 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules) * 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules) * 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules) * 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules) * 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules) * 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules) * 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules) * 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules) * 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules) * 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules) * 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules) * 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (pua-adware.rules) * 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules) * 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules) * 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules) * 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules) * 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules) * 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules) * 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules) * 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules) * 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules) * 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules) * 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules) * 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules) * 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules) * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules) * 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules) * 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules) * 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules) * 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules) * 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules) * 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules) * 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules) * 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules) * 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules) * 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules) * 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules) * 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules) * 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules) * 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules) * 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (pua-adware.rules) * 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules) * 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules) * 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules) * 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules) * 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules) * 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules) * 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules) * 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules) * 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules) * 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules) * 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules) * 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules) * 1:13557 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules) * 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules) * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules) * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules) * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (pua-adware.rules) * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules) * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (pua-adware.rules) * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules) * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (pua-adware.rules) * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (malware-other.rules) * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (pua-adware.rules) * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules) * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (malware-other.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (os-windows.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules) * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules) * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (pua-adware.rules) * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules) * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules) * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (malware-other.rules) * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules) * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (pua-adware.rules) * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules) * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (pua-adware.rules) * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules) * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (pua-adware.rules) * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (pua-adware.rules) * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (pua-adware.rules) * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (pua-adware.rules) * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules) * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (malware-other.rules) * 1:13697 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - alternate port (policy-other.rules) * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (pua-adware.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow (server-oracle.rules) * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules) * 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules) * 1:13698 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation - second alternate port (policy-other.rules) * 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules) * 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules) * 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules) * 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules) * 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) * 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules) * 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules) * 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules) * 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules) * 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules) * 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules) * 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules) * 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules) * 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules) * 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules) * 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules) * 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules) * 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules) * 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules) * 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules) * 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules) * 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules) * 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules) * 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules) * 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules) * 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules) * 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules) * 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules) * 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules) * 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules) * 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules) * 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules) * 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules) * 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules) * 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules) * 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules) * 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules) * 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules) * 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules) * 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules) * 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules) * 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules) * 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules) * 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules) * 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules) * 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules) * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules) * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules) * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules) * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules) * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules) * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules) * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules) * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules) * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules) * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules) * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules) * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules) * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules) * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules) * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules) * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules) * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules) * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules) * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules) * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules) * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules) * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules) * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules) * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules) * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules) * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules) * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules) * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules) * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules) * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules) * 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules) * 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules) * 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules) * 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules) * 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules) * 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (protocol-scada.rules) * 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules) * 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules) * 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules) * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules) * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules) * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules) * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules) * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules) * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules) * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules) * 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules) * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules) * 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules) * 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules) * 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules) * 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules) * 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules) * 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules) * 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules) * 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules) * 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules) * 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules) * 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules) * 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules) * 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules) * 1:15363 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules) * 1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt (protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download request (file-identify.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (os-windows.rules) * 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules) * 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules) * 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules) * 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules) * 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules) * 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules) * 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules) * 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules) * 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules) * 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules) * 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules) * 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules) * 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules) * 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules) * 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules) * 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules) * 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules) * 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules) * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules) * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules) * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules) * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules) * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules) * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt (file-pdf.rules) * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules) * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules) * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules) * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules) * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules) * 1:15884 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x02 command buffer overflow attempt (server-other.rules) * 1:15889 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x32 command buffer overflow attempt (server-other.rules) * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules) * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules) * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules) * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules) * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules) * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules) * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules) * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules) * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules) * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules) * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules) * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules) * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules) * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules) * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules) * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules) * 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules) * 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules) * 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules) * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules) * 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules) * 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules) * 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules) * 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules) * 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules) * 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules) * 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules) * 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules) * 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules) * 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules) * 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules) * 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules) * 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules) * 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules) * 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules) * 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules) * 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules) * 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules) * 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules) * 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules) * 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules) * 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules) * 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules) * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules) * 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules) * 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules) * 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules) * 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules) * 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules) * 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules) * 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules) * 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules) * 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules) * 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules) * 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules) * 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules) * 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules) * 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules) * 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules) * 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules) * 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules) * 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules) * 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules) * 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules) * 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules) * 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules) * 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules) * 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules) * 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules) * 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules) * 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules) * 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules) * 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules) * 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules) * 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules) * 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules) * 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules) * 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules) * 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules) * 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules) * 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules) * 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules) * 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules) * 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules) * 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules) * 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules) * 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules) * 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules) * 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules) * 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules) * 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules) * 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules) * 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules) * 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules) * 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules) * 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules) * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules) * 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules) * 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules) * 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (server-iis.rules) * 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules) * 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules) * 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules) * 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules) * 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules) * 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules) * 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules) * 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules) * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules) * 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules) * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules) * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure Analyse denial of service attempt - 2 (server-mysql.rules) * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules) * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules) * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules) * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules) * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules) * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules) * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules) * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert parsing stack overflow attempt (server-mysql.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules) * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules) * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules) * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules) * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules) * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules) * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules) * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules) * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules) * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules) * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules) * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules) * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules) * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules) * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules) * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules) * 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules) * 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules) * 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules) * 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules) * 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules) * 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules) * 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules) * 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules) * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules) * 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules) * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules) * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules) * 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules) * 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules) * 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules) * 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules) * 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules) * 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules) * 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules) * 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules) * 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules) * 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules) * 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (policy-spam.rules) * 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules) * 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules) * 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules) * 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules) * 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules) * 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules) * 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules) * 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules) * 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules) * 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules) * 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules) * 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules) * 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules) * 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules) * 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules) * 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules) * 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules) * 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (policy-spam.rules) * 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules) * 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules) * 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules) * 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules) * 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules) * 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules) * 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules) * 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules) * 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules) * 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules) * 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules) * 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules) * 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules) * 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules) * 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules) * 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules) * 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules) * 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules) * 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules) * 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (policy-spam.rules) * 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules) * 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules) * 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules) * 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules) * 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules) * 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules) * 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules) * 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules) * 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules) * 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules) * 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules) * 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules) * 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules) * 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules) * 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules) * 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules) * 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules) * 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules) * 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules) * 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules) * 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules) * 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules) * 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules) * 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules) * 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules) * 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules) * 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules) * 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules) * 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules) * 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules) * 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules) * 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules) * 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules) * 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules) * 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules) * 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules) * 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules) * 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known spam email attempt (policy-spam.rules) * 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules) * 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (app-detect.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (os-windows.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17229 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules) * 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:17745 <-> ENABLED <-> NETBIOS SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA Modbus read device identification from external source (protocol-scada.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules) * 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules) * 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules) * 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules) * 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules) * 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules) * 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules) * 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules) * 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules) * 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules) * 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules) * 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules) * 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules) * 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules) * 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules) * 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules) * 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules) * 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules) * 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules) * 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules) * 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules) * 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules) * 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules) * 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules) * 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules) * 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules) * 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules) * 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules) * 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules) * 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules) * 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules) * 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules) * 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules) * 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules) * 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules) * 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules) * 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules) * 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules) * 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules) * 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules) * 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules) * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules) * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules) * 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules) * 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules) * 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules) * 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules) * 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules) * 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules) * 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules) * 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules) * 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules) * 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules) * 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules) * 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules) * 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules) * 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules) * 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules) * 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules) * 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules) * 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules) * 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules) * 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules) * 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules) * 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules) * 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules) * 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules) * 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules) * 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules) * 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules) * 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules) * 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules) * 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules) * 1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules) * 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules) * 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules) * 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules) * 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules) * 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules) * 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules) * 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules) * 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules) * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules) * 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules) * 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules) * 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules) * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules) * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules) * 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules) * 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules) * 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules) * 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules) * 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules) * 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules) * 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules) * 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules) * 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules) * 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules) * 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules) * 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules) * 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules) * 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules) * 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules) * 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules) * 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules) * 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules) * 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules) * 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules) * 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules) * 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules) * 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules) * 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules) * 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules) * 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules) * 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules) * 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules) * 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules) * 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules) * 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules) * 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules) * 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules) * 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules) * 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules) * 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules) * 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules) * 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules) * 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules) * 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules) * 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules) * 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules) * 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules) * 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules) * 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules) * 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (file-identify.rules) * 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules) * 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules) * 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules) * 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules) * 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules) * 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules) * 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules) * 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules) * 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules) * 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules) * 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules) * 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules) * 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules) * 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules) * 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules) * 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules) * 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules) * 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules) * 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules) * 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules) * 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules) * 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules) * 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules) * 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules) * 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules) * 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules) * 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules) * 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules) * 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules) * 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules) * 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules) * 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules) * 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules) * 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules) * 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ActionIf integer overflow attempt (file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19015 <-> DISABLED <-> POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules) * 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules) * 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules) * 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules) * 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules) * 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules) * 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules) * 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules) * 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules) * 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules) * 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules) * 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules) * 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules) * 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules) * 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules) * 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules) * 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules) * 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules) * 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules) * 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules) * 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules) * 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules) * 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules) * 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules) * 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules) * 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules) * 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules) * 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules) * 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules) * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules) * 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules) * 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules) * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules) * 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules) * 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules) * 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules) * 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules) * 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules) * 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules) * 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules) * 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules) * 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules) * 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules) * 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules) * 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules) * 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules) * 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules) * 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules) * 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules) * 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules) * 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules) * 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules) * 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules) * 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules) * 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules) * 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules) * 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules) * 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules) * 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules) * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules) * 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload directory traversal attempt (server-other.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption attempt (file-other.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules) * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules) * 1:19735 <-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules) * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules) * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules) * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (netbios.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules) * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules) * 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules) * 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules) * 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules) * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules) * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules) * 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (file-flash.rules) * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (server-other.rules) * 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules) * 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules) * 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (server-mysql.rules) * 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules) * 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules) * 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (server-other.rules) * 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (file-image.rules) * 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules) * 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules) * 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules) * 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules) * 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (pua-adware.rules) * 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules) * 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (pua-adware.rules) * 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules) * 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules) * 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (os-windows.rules) * 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules) * 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules) * 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules) * 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (file-pdf.rules) * 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules) * 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules) * 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules) * 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules) * 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules) * 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (file-pdf.rules) * 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules) * 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules) * 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules) * 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (file-pdf.rules) * 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules) * 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (file-pdf.rules) * 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules) * 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (server-oracle.rules) * 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules) * 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules) * 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules) * 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (file-flash.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules) * 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (file-flash.rules) * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules) * 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt (file-flash.rules) * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules) * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules) * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules) * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules) * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules) * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules) * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules) * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules) * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules) * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules) * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (file-flash.rules) * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter espia_method request/response attempt (indicator-shellcode.rules) * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules) * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (file-flash.rules) * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules) * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules) * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (os-windows.rules) * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 database DoS (server-other.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (file-executable.rules) * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (os-windows.rules) * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (os-windows.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (os-windows.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20358 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20394 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20412 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules) * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules) * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules) * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (browser-other.rules) * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (file-flash.rules) * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (os-windows.rules) * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (file-flash.rules) * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (file-flash.rules) * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (file-flash.rules) * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (file-flash.rules) * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (file-flash.rules) * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (file-flash.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules) * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (file-flash.rules) * 1:20557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (file-flash.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (file-flash.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules) * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (file-flash.rules) * 1:20582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules) * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules) * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (os-windows.rules) * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (server-oracle.rules) * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules) * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (file-flash.rules) * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules) * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules) * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules) * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules) * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (pua-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules) * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules) * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20658 <-> DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules) * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (server-iis.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules) * 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (file-office.rules) * 1:20690 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (browser-firefox.rules) * 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules) * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules) * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules) * 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules) * 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (browser-webkit.rules) * 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (browser-other.rules) * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules) * 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules) * 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules) * 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules) * 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules) * 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules) * 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules) * 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules) * 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules) * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (server-apache.rules) * 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules) * 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules) * 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules) * 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules) * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules) * 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules) * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules) * 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (file-office.rules) * 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules) * 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules) * 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules) * 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules) * 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (file-pdf.rules) * 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules) * 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules) * 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules) * 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (file-pdf.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules) * 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (file-pdf.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules) * 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (browser-webkit.rules) * 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules) * 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules) * 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules) * 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules) * 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules) * 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules) * 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules) * 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules) * 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules) * 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (server-apache.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (file-multimedia.rules) * 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (os-windows.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (os-windows.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules) * 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules) * 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (malware-tools.rules) * 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules) * 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules) * 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (indicator-compromise.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (indicator-compromise.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (indicator-compromise.rules) * 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell security information display (indicator-compromise.rules) * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (indicator-compromise.rules) * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (indicator-compromise.rules) * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (indicator-compromise.rules) * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (indicator-compromise.rules) * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security information page (indicator-compromise.rules) * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (indicator-compromise.rules) * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (indicator-compromise.rules) * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (indicator-compromise.rules) * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (indicator-compromise.rules) * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (indicator-compromise.rules) * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (indicator-compromise.rules) * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (indicator-compromise.rules) * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (indicator-compromise.rules) * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules) * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https spoofing attempt (browser-chrome.rules) * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (file-executable.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules) * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (browser-webkit.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote Desktop Protocol brute force attempt (server-other.rules) * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (malware-other.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules) * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules) * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (malware-other.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (os-windows.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules) * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (file-flash.rules) * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules) * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-other.rules) * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for version.dll over SMB attempt (file-other.rules) * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (file-flash.rules) * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (file-flash.rules) * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (file-flash.rules) * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules) * 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (server-apache.rules) * 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (server-apache.rules) * 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules) * 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules) * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules) * 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (browser-firefox.rules) * 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (browser-other.rules) * 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules) * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules) * 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules) * 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules) * 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (browser-chrome.rules) * 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules) * 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules) * 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules) * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules) * 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (file-other.rules) * 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules) * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules) * 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (app-detect.rules) * 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules) * 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (exploit-kit.rules) * 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules) * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules) * 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (exploit-kit.rules) * 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules) * 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (malware-backdoor.rules) * 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (server-apache.rules) * 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules) * 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (malware-backdoor.rules) * 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules) * 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules) * 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules) * 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules) * 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules) * 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules) * 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules) * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules) * 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules) * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules) * 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules) * 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules) * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules) * 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules) * 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules) * 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules) * 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (pua-adware.rules) * 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (policy-spam.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (pua-adware.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules) * 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (exploit-kit.rules) * 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules) * 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules) * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules) * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules) * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules) * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21789 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules) * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (malware-other.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules) * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (server-apache.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules) * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (pua-adware.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (malware-other.rules) * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (indicator-compromise.rules) * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules) * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules) * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules) * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules) * 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (malware-backdoor.rules) * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules) * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules) * 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules) * 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules) * 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules) * 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules) * 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules) * 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules) * 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules) * 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules) * 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules) * 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules) * 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules) * 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules) * 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules) * 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules) * 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules) * 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (indicator-obfuscation.rules) * 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules) * 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (indicator-obfuscation.rules) * 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (malware-other.rules) * 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (os-windows.rules) * 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (indicator-obfuscation.rules) * 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (os-windows.rules) * 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules) * 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (indicator-compromise.rules) * 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (malware-backdoor.rules) * 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules) * 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules) * 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules) * 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules) * 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules) * 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules) * 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules) * 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules) * 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules) * 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules) * 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules) * 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules) * 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules) * 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules) * 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules) * 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules) * 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules) * 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules) * 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules) * 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules) * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules) * 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules) * 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules) * 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules) * 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules) * 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules) * 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules) * 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules) * 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules) * 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules) * 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules) * 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (indicator-compromise.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (indicator-compromise.rules) * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (browser-firefox.rules) * 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules) * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules) * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (file-pdf.rules) * 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (indicator-obfuscation.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (indicator-obfuscation.rules) * 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (indicator-obfuscation.rules) * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (server-other.rules) * 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval (indicator-obfuscation.rules) * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules) * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (indicator-obfuscation.rules) * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules) * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (exploit-kit.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules) * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules) * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules) * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23161 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules) * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (indicator-compromise.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (indicator-obfuscation.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (pua-adware.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules) * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (pua-adware.rules) * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (file-office.rules) * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (file-office.rules) * 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules) * 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules) * 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (malware-backdoor.rules) * 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules) * 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules) * 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules) * 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules) * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules) * 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules) * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (pua-adware.rules) * 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (os-windows.rules) * 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules) * 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (indicator-compromise.rules) * 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (server-mail.rules) * 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules) * 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (indicator-compromise.rules) * 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (browser-firefox.rules) * 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules) * 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules) * 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (indicator-compromise.rules) * 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (browser-chrome.rules) * 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules) * 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules) * 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (indicator-obfuscation.rules) * 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules) * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules) * 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (indicator-obfuscation.rules) * 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules) * 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules) * 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules) * 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules) * 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules) * 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules) * 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules) * 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules) * 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules) * 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (file-other.rules) * 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules) * 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules) * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules) * 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules) * 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (malware-other.rules) * 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules) * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules) * 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules) * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (browser-firefox.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules) * 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules) * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules) * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (malware-other.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (indicator-compromise.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (indicator-compromise.rules) * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (os-windows.rules) * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (malware-other.rules) * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules) * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:23884 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23919 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules) * 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (sql.rules) * 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules) * 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules) * 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules) * 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules) * 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules) * 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules) * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules) * 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules) * 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (malware-other.rules) * 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules) * 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules) * 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules) * 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24055 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules) * 1:24084 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules) * 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (pua-adware.rules) * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules) * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules) * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules) * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules) * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules) * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules) * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules) * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules) * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules) * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules) * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules) * 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules) * 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules) * 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules) * 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules) * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules) * 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules) * 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules) * 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules) * 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules) * 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules) * 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules) * 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (indicator-obfuscation.rules) * 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules) * 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (indicator-obfuscation.rules) * 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules) * 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules) * 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24229 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (malware-other.rules) * 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules) * 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (server-other.rules) * 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules) * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules) * 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules) * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules) * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24257 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (malware-other.rules) * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules) * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting attempt (server-other.rules) * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules) * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules) * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules) * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules) * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules) * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules) * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules) * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules) * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules) * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules) * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (malware-other.rules) * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (protocol-dns.rules) * 1:24344 <-> ENABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (exploit-kit.rules) * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (server-apache.rules) * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (indicator-compromise.rules) * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php (indicator-compromise.rules) * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (indicator-compromise.rules) * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (indicator-compromise.rules) * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (indicator-compromise.rules) * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules) * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (indicator-compromise.rules) * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (app-detect.rules) * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (indicator-compromise.rules) * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (os-windows.rules) * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24409 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules) * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules) * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules) * 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules) * 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules) * 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (malware-backdoor.rules) * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules) * 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules) * 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24584 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24583 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24585 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24594 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules) * 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules) * 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules) * 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules) * 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules) * 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules) * 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules) * 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (exploit-kit.rules) * 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (exploit-kit.rules) * 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (exploit-kit.rules) * 1:24787 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (exploit-kit.rules) * 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24789 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (exploit-kit.rules) * 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (server-other.rules) * 1:24791 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (exploit-kit.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules) * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules) * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (server-mysql.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (server-mysql.rules) * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (exploit-kit.rules) * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (exploit-kit.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (exploit-kit.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules) * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules) * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules) * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (exploit-kit.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (server-other.rules) * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (indicator-obfuscation.rules) * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules) * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (app-detect.rules) * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (app-detect.rules) * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules) * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25092 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool variant outbound connection (malware-other.rules) * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules) * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (server-other.rules) * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (server-other.rules) * 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (malware-backdoor.rules) * 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25270 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules) * 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (file-other.rules) * 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules) * 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (malware-other.rules) * 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules) * 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (malware-backdoor.rules) * 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules) * 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (server-other.rules) * 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules) * 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules) * 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules) * 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules) * 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules) * 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules) * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules) * 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules) * 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules) * 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules) * 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (server-other.rules) * 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25467 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules) * 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (server-other.rules) * 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (os-mobile.rules) * 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules) * 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (os-mobile.rules) * 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (os-mobile.rules) * 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (os-mobile.rules) * 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (os-mobile.rules) * 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (os-other.rules) * 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (os-mobile.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (os-mobile.rules) * 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (server-other.rules) * 1:25536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules) * 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (server-other.rules) * 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (server-other.rules) * 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (exploit-kit.rules) * 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (os-windows.rules) * 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules) * 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (malware-other.rules) * 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules) * 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules) * 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (malware-other.rules) * 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules) * 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules) * 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules) * 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules) * 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules) * 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules) * 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules) * 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules) * 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules) * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (malware-other.rules) * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (file-flash.rules) * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious PDF retrieval (exploit-kit.rules) * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (exploit-kit.rules) * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (exploit-kit.rules) * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (server-other.rules) * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (exploit-kit.rules) * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (server-other.rules) * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (server-other.rules) * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (indicator-compromise.rules) * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (server-other.rules) * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (indicator-compromise.rules) * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (indicator-compromise.rules) * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (indicator-compromise.rules) * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (indicator-compromise.rules) * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (indicator-compromise.rules) * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (indicator-compromise.rules) * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (indicator-compromise.rules) * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (indicator-compromise.rules) * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (indicator-compromise.rules) * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (indicator-compromise.rules) * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules) * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (indicator-compromise.rules) * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (indicator-compromise.rules) * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules) * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25930 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (app-detect.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (policy-other.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (policy-other.rules) * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (exploit-kit.rules) * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (policy-other.rules) * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (app-detect.rules) * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules) * 1:26002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:26004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules) * 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules) * 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules) * 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (exploit-kit.rules) * 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules) * 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules) * 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (os-mobile.rules) * 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (exploit-kit.rules) * 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (exploit-kit.rules) * 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (exploit-kit.rules) * 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (exploit-kit.rules) * 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (exploit-kit.rules) * 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules) * 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (exploit-kit.rules) * 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules) * 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules) * 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules) * 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules) * 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules) * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules) * 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules) * 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules) * 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules) * 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules) * 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules) * 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules) * 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules) * 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules) * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules) * 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules) * 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules) * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules) * 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules) * 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules) * 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules) * 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (app-detect.rules) * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules) * 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules) * 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules) * 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules) * 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (app-detect.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules) * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (exploit-kit.rules) * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules) * 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (exploit-kit.rules) * 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules) * 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (malware-backdoor.rules) * 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (netbios.rules) * 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (malware-backdoor.rules) * 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (malware-backdoor.rules) * 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (file-other.rules) * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules) * 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules) * 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (indicator-compromise.rules) * 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (server-other.rules) * 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (exploit-kit.rules) * 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (malware-other.rules) * 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (file-executable.rules) * 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules) * 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules) * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules) * 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (server-other.rules) * 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (app-detect.rules) * 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules) * 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules) * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules) * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules) * 1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules) * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules) * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules) * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (indicator-obfuscation.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules) * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (malware-other.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules) * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (indicator-compromise.rules) * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (server-other.rules) * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (indicator-compromise.rules) * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (os-other.rules) * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (pua-adware.rules) * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (indicator-compromise.rules) * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (exploit-kit.rules) * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (exploit-kit.rules) * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (server-other.rules) * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (indicator-obfuscation.rules) * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (file-other.rules) * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (server-other.rules) * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt (indicator-obfuscation.rules) * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules) * 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (browser-webkit.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules) * 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (malware-other.rules) * 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (malware-backdoor.rules) * 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (browser-firefox.rules) * 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules) * 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules) * 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules) * 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:26716 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules) * 1:26755 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules) * 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules) * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules) * 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (malware-backdoor.rules) * 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules) * 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules) * 1:26772 <-> ENABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (server-other.rules) * 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules) * 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (malware-other.rules) * 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules) * 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules) * 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (malware-other.rules) * 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules) * 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (exploit-kit.rules) * 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules) * 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules) * 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (malware-backdoor.rules) * 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules) * 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules) * 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (exploit-kit.rules) * 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (exploit-kit.rules) * 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules) * 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (exploit-kit.rules) * 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (exploit-kit.rules) * 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (exploit-kit.rules) * 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (server-other.rules) * 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules) * 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules) * 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules) * 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules) * 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules) * 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules) * 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (exploit-kit.rules) * 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules) * 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules) * 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (exploit-kit.rules) * 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules) * 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules) * 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules) * 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules) * 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules) * 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (exploit-kit.rules) * 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules) * 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (exploit-kit.rules) * 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules) * 1:27005 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (exploit-kit.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules) * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules) * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules) * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (os-mobile.rules) * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (os-mobile.rules) * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (os-mobile.rules) * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (indicator-compromise.rules) * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (os-mobile.rules) * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27046 <-> DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (app-detect.rules) * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (malware-other.rules) * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (exploit-kit.rules) * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (malware-other.rules) * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (exploit-kit.rules) * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile device information leakage (os-mobile.rules) * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (exploit-kit.rules) * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (exploit-kit.rules) * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (exploit-kit.rules) * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (exploit-kit.rules) * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (os-mobile.rules) * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (exploit-kit.rules) * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (os-mobile.rules) * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (os-mobile.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (os-mobile.rules) * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (os-mobile.rules) * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules) * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms message leakage (os-mobile.rules) * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (exploit-kit.rules) * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (indicator-obfuscation.rules) * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (os-mobile.rules) * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (os-mobile.rules) * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules) * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules) * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules) * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (malware-other.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (malware-other.rules) * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules) * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (exploit-kit.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules) * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (malware-other.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules) * 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (indicator-compromise.rules) * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (server-other.rules) * 1:27267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules) * 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (server-other.rules) * 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (exploit-kit.rules) * 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules) * 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules) * 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules) * 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules) * 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules) * 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules) * 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules) * 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (app-detect.rules) * 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (app-detect.rules) * 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (app-detect.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules) * 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules) * 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules) * 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (malware-other.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules) * 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules) * 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules) * 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules) * 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (malware-other.rules) * 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules) * 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (policy-spam.rules) * 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (os-windows.rules) * 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules) * 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (app-detect.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules) * 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (app-detect.rules) * 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules) * 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules) * 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (exploit-kit.rules) * 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (app-detect.rules) * 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules) * 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (os-mobile.rules) * 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (indicator-compromise.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules) * 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules) * 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (exploit-kit.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules) * 1:27739 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (exploit-kit.rules) * 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (exploit-kit.rules) * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (exploit-kit.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27786 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27764 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules) * 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (exploit-kit.rules) * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (exploit-kit.rules) * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (exploit-kit.rules) * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (pua-adware.rules) * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (pua-adware.rules) * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (pua-toolbars.rules) * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (pua-adware.rules) * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (app-detect.rules) * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (pua-toolbars.rules) * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (app-detect.rules) * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules) * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (app-detect.rules) * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (app-detect.rules) * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt (app-detect.rules) * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (app-detect.rules) * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (app-detect.rules) * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (app-detect.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules) * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (app-detect.rules) * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules) * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (app-detect.rules) * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (protocol-dns.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules) * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27936 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (exploit-kit.rules) * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (app-detect.rules) * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (app-detect.rules) * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (app-detect.rules) * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (app-detect.rules) * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (app-detect.rules) * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (app-detect.rules) * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (app-detect.rules) * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (app-detect.rules) * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (app-detect.rules) * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (app-detect.rules) * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (app-detect.rules) * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (app-detect.rules) * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (app-detect.rules) * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (app-detect.rules) * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (indicator-scan.rules) * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (exploit-kit.rules) * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (indicator-scan.rules) * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (malware-other.rules) * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (exploit-kit.rules) * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (exploit-kit.rules) * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (os-mobile.rules) * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules) * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules) * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (app-detect.rules) * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (app-detect.rules) * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (app-detect.rules) * 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (app-detect.rules) * 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules) * 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules) * 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules) * 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (server-other.rules) * 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules) * 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (server-other.rules) * 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules) * 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (pua-adware.rules) * 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (server-other.rules) * 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (exploit-kit.rules) * 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules) * 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (pua-adware.rules) * 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules) * 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (server-other.rules) * 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (exploit-kit.rules) * 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules) * 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (app-detect.rules) * 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (exploit-kit.rules) * 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (exploit-kit.rules) * 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules) * 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules) * 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules) * 1:28265 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (exploit-kit.rules) * 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (protocol-icmp.rules) * 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules) * 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (exploit-kit.rules) * 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules) * 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules) * 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (malware-other.rules) * 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules) * 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules) * 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules) * 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules) * 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules) * 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules) * 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules) * 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules) * 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (exploit-kit.rules) * 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (exploit-kit.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (malware-other.rules) * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (malware-tools.rules) * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (pua-adware.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port (indicator-scan.rules) * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28555 <-> DISABLED <-> MALWARE-OTHER SQL Slammer worm propagation attempt inbound (malware-other.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (exploit-kit.rules) * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules) * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (exploit-kit.rules) * 1:28601 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (exploit-kit.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (exploit-kit.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (exploit-kit.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (exploit-kit.rules) * 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules) * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (pua-adware.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (malware-backdoor.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28926 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (pua-adware.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules) * 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (exploit-kit.rules) * 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules) * 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (exploit-kit.rules) * 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (indicator-compromise.rules) * 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (exploit-kit.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules) * 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (exploit-kit.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules) * 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules) * 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (exploit-kit.rules) * 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules) * 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules) * 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules) * 1:29025 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29051 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Descrantol variant data exfiltration attempt (malware-backdoor.rules) * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (malware-tools.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (malware-backdoor.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29124 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.InstallMonster variant outbound connection (malware-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (exploit-kit.rules) * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (exploit-kit.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules) * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (exploit-kit.rules) * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules) * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules) * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules) * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules) * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules) * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules) * 1:29268 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29218 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29266 <-> DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (protocol-scada.rules) * 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (protocol-scada.rules) * 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (protocol-scada.rules) * 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (protocol-scada.rules) * 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (protocol-scada.rules) * 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (app-detect.rules) * 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (protocol-scada.rules) * 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (pua-p2p.rules) * 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules) * 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (app-detect.rules) * 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (malware-other.rules) * 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (exploit-kit.rules) * 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (app-detect.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules) * 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules) * 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (server-other.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules) * 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules) * 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (protocol-icmp.rules) * 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules) * 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (protocol-icmp.rules) * 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (exploit-kit.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (protocol-icmp.rules) * 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (pua-adware.rules) * 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (protocol-icmp.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (pua-adware.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (os-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules) * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (server-iis.rules) * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (indicator-obfuscation.rules) * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules) * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (server-other.rules) * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (server-other.rules) * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (server-other.rules) * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (indicator-obfuscation.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules) * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (malware-backdoor.rules) * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (exploit-kit.rules) * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules) * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (server-apache.rules) * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (malware-other.rules) * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29938 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (server-other.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (protocol-scada.rules) * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (server-other.rules) * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules) * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (protocol-scada.rules) * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (protocol-scada.rules) * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (pua-adware.rules) * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules) * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules) * 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (exploit-kit.rules) * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (malware-other.rules) * 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (malware-other.rules) * 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules) * 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (app-detect.rules) * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (server-mail.rules) * 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules) * 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules) * 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (indicator-shellcode.rules) * 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (indicator-shellcode.rules) * 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (indicator-shellcode.rules) * 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (indicator-shellcode.rules) * 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (indicator-shellcode.rules) * 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (pua-adware.rules) * 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules) * 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (pua-adware.rules) * 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules) * 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules) * 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (app-detect.rules) * 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (browser-chrome.rules) * 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (malware-other.rules) * 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (app-detect.rules) * 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules) * 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules) * 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (exploit-kit.rules) * 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (malware-other.rules) * 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (malware-other.rules) * 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (server-other.rules) * 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (os-linux.rules) * 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (server-other.rules) * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules) * 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (server-other.rules) * 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (indicator-shellcode.rules) * 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (indicator-shellcode.rules) * 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (indicator-shellcode.rules) * 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (indicator-shellcode.rules) * 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (indicator-shellcode.rules) * 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (indicator-shellcode.rules) * 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (indicator-shellcode.rules) * 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (indicator-shellcode.rules) * 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (indicator-shellcode.rules) * 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (indicator-shellcode.rules) * 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (indicator-shellcode.rules) * 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (indicator-shellcode.rules) * 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (indicator-shellcode.rules) * 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (indicator-shellcode.rules) * 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (indicator-shellcode.rules) * 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (indicator-shellcode.rules) * 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (indicator-shellcode.rules) * 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (indicator-shellcode.rules) * 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (indicator-shellcode.rules) * 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (indicator-shellcode.rules) * 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (indicator-shellcode.rules) * 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (indicator-shellcode.rules) * 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (indicator-shellcode.rules) * 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (indicator-shellcode.rules) * 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (indicator-shellcode.rules) * 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (indicator-shellcode.rules) * 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (indicator-shellcode.rules) * 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (indicator-shellcode.rules) * 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (indicator-shellcode.rules) * 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (indicator-shellcode.rules) * 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (indicator-shellcode.rules) * 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (indicator-shellcode.rules) * 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (indicator-shellcode.rules) * 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (indicator-shellcode.rules) * 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (indicator-shellcode.rules) * 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (indicator-shellcode.rules) * 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (indicator-shellcode.rules) * 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (indicator-shellcode.rules) * 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (indicator-shellcode.rules) * 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (indicator-shellcode.rules) * 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (indicator-shellcode.rules) * 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (indicator-shellcode.rules) * 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (indicator-shellcode.rules) * 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (indicator-shellcode.rules) * 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (indicator-shellcode.rules) * 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (indicator-shellcode.rules) * 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (indicator-shellcode.rules) * 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (indicator-shellcode.rules) * 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (indicator-shellcode.rules) * 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (indicator-shellcode.rules) * 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (indicator-shellcode.rules) * 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (indicator-shellcode.rules) * 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (indicator-shellcode.rules) * 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (indicator-shellcode.rules) * 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (indicator-shellcode.rules) * 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules) * 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (indicator-shellcode.rules) * 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (indicator-shellcode.rules) * 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (indicator-shellcode.rules) * 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (indicator-shellcode.rules) * 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (indicator-shellcode.rules) * 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (indicator-shellcode.rules) * 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (indicator-shellcode.rules) * 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (indicator-shellcode.rules) * 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (indicator-shellcode.rules) * 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (indicator-shellcode.rules) * 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (indicator-shellcode.rules) * 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (indicator-shellcode.rules) * 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (indicator-shellcode.rules) * 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (indicator-shellcode.rules) * 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (indicator-shellcode.rules) * 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (indicator-shellcode.rules) * 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (indicator-shellcode.rules) * 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (indicator-shellcode.rules) * 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (indicator-shellcode.rules) * 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (indicator-shellcode.rules) * 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (indicator-shellcode.rules) * 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (indicator-shellcode.rules) * 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (indicator-shellcode.rules) * 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (indicator-shellcode.rules) * 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (indicator-shellcode.rules) * 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (indicator-shellcode.rules) * 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (indicator-shellcode.rules) * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (indicator-shellcode.rules) * 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (indicator-shellcode.rules) * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (indicator-shellcode.rules) * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (indicator-shellcode.rules) * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (indicator-shellcode.rules) * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (indicator-shellcode.rules) * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (indicator-shellcode.rules) * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (indicator-shellcode.rules) * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser (indicator-shellcode.rules) * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (indicator-shellcode.rules) * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (indicator-shellcode.rules) * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (indicator-shellcode.rules) * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules) * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (indicator-shellcode.rules) * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (indicator-shellcode.rules) * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join heap overflow attempt (server-other.rules) * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (server-other.rules) * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (server-other.rules) * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (protocol-scada.rules) * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (server-other.rules) * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (malware-other.rules) * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30757 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (exploit-kit.rules) * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (pua-toolbars.rules) * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30781 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30788 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30787 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (app-detect.rules) * 1:30845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (app-detect.rules) * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (exploit-kit.rules) * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (app-detect.rules) * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (app-detect.rules) * 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (app-detect.rules) * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (app-detect.rules) * 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (app-detect.rules) * 1:30858 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (app-detect.rules) * 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (app-detect.rules) * 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (app-detect.rules) * 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (app-detect.rules) * 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (app-detect.rules) * 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (app-detect.rules) * 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (app-detect.rules) * 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (app-detect.rules) * 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (app-detect.rules) * 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (app-detect.rules) * 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (app-detect.rules) * 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (app-detect.rules) * 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (app-detect.rules) * 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (app-detect.rules) * 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (app-detect.rules) * 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (file-other.rules) * 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (app-detect.rules) * 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (exploit-kit.rules) * 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (pua-adware.rules) * 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules) * 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (exploit-kit.rules) * 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (exploit-kit.rules) * 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (pua-adware.rules) * 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules) * 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (exploit-kit.rules) * 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (server-mail.rules) * 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules) * 1:30965 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (malware-backdoor.rules) * 1:30967 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (exploit-kit.rules) * 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules) * 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (exploit-kit.rules) * 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (exploit-kit.rules) * 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (exploit-kit.rules) * 1:30975 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules) * 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (exploit-kit.rules) * 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules) * 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:30976 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules) * 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules) * 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules) * 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (server-other.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules) * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (pua-adware.rules) * 1:31025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules) * 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (protocol-scada.rules) * 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (server-other.rules) * 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules) * 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (pua-adware.rules) * 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (pua-adware.rules) * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (pua-adware.rules) * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules) * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (pua-toolbars.rules) * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules) * 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules) * 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (pua-toolbars.rules) * 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (pua-toolbars.rules) * 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules) * 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules) * 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules) * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (pua-adware.rules) * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules) * 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules) * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules) * 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules) * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules) * 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules) * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules) * 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (server-other.rules) * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules) * 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules) * 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (indicator-compromise.rules) * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (os-windows.rules) * 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules) * 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (indicator-compromise.rules) * 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (exploit-kit.rules) * 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules) * 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules) * 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31274 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules) * 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules) * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules) * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules) * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules) * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (exploit-kit.rules) * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (exploit-kit.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules) * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules) * 1:31511 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31558 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31559 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules) * 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules) * 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules) * 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules) * 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (file-flash.rules) * 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules) * 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules) * 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31678 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules) * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules) * 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules) * 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules) * 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules) * 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules) * 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (server-other.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31732 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (server-other.rules) * 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (exploit-kit.rules) * 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (malware-backdoor.rules) * 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (server-other.rules) * 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31769 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (exploit-kit.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (server-other.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (exploit-kit.rules) * 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (malware-other.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules) * 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31840 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules) * 1:31850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules) * 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (server-other.rules) * 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (exploit-kit.rules) * 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules) * 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (exploit-kit.rules) * 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules) * 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (malware-other.rules) * 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules) * 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules) * 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules) * 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (malware-backdoor.rules) * 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules) * 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (file-flash.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules) * 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules) * 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules) * 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (pua-adware.rules) * 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules) * 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (pua-adware.rules) * 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (pua-adware.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (pua-adware.rules) * 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32148 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32147 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32167 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules) * 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules) * 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules) * 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules) * 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules) * 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (malware-backdoor.rules) * 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (malware-backdoor.rules) * 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules) * 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (malware-backdoor.rules) * 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules) * 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules) * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules) * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (pua-adware.rules) * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (file-other.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (server-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32399 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules) * 1:32387 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (exploit-kit.rules) * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32416 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (os-windows.rules) * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (os-windows.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32468 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32502 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (server-mysql.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (exploit-kit.rules) * 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules) * 1:32559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules) * 1:32570 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules) * 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32573 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules) * 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules) * 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules) * 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (exploit-kit.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (exploit-kit.rules) * 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (protocol-tftp.rules) * 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (exploit-kit.rules) * 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules) * 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules) * 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules) * 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (server-other.rules) * 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules) * 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules) * 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules) * 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules) * 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules) * 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules) * 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (server-other.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (server-other.rules) * 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules) * 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules) * 1:32766 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules) * 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (sql.rules) * 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (malware-other.rules) * 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules) * 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (malware-other.rules) * 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules) * 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules) * 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules) * 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules) * 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules) * 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules) * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules) * 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules) * 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (app-detect.rules) * 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules) * 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (app-detect.rules) * 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (app-detect.rules) * 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (app-detect.rules) * 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (app-detect.rules) * 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (app-detect.rules) * 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (app-detect.rules) * 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (app-detect.rules) * 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (app-detect.rules) * 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (app-detect.rules) * 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules) * 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (malware-tools.rules) * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules) * 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules) * 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules) * 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32879 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (exploit-kit.rules) * 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd configure buffer overflow attempt (server-other.rules) * 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules) * 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules) * 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules) * 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules) * 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules) * 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules) * 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules) * 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules) * 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules) * 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (malware-tools.rules) * 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules) * 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (malware-tools.rules) * 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules) * 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (malware-tools.rules) * 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules) * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules) * 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32947 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (malware-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (exploit-kit.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (file-flash.rules) * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:33176 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules) * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules) * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (indicator-compromise.rules) * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33286 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (indicator-compromise.rules) * 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (pua-adware.rules) * 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules) * 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (pua-adware.rules) * 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules) * 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules) * 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (os-windows.rules) * 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (app-detect.rules) * 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (protocol-voip.rules) * 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules) * 1:33454 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules) * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules) * 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules) * 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules) * 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (server-mail.rules) * 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (server-other.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules) * 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (file-other.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules) * 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules) * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules) * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules) * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules) * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold connection exhaustion denial of service attempt (server-other.rules) * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (browser-other.rules) * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules) * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (file-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (os-windows.rules) * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (server-other.rules) * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (server-other.rules) * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (server-other.rules) * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (server-other.rules) * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (server-mail.rules) * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (server-other.rules) * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (server-mail.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33823 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (malware-backdoor.rules) * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (malware-other.rules) * 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules) * 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules) * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules) * 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules) * 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules) * 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules) * 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules) * 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules) * 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (server-other.rules) * 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules) * 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules) * 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules) * 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules) * 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules) * 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules) * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules) * 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules) * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules) * 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules) * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules) * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules) * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules) * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules) * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules) * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules) * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules) * 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules) * 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (pua-adware.rules) * 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (pua-adware.rules) * 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (pua-adware.rules) * 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules) * 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (pua-adware.rules) * 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules) * 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules) * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules) * 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules) * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules) * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules) * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules) * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules) * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules) * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (sql.rules) * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (server-other.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules) * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules) * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (server-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules) * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules) * 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules) * 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules) * 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules) * 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules) * 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules) * 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules) * 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules) * 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules) * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules) * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules) * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules) * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules) * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules) * 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules) * 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules) * 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules) * 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules) * 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules) * 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules) * 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules) * 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules) * 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules) * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules) * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules) * 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules) * 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules) * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules) * 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules) * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules) * 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules) * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules) * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules) * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules) * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (server-other.rules) * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules) * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (pua-adware.rules) * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (server-other.rules) * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt (server-other.rules) * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35045 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (exploit-kit.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (exploit-kit.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules) * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (file-office.rules) * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules) * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (file-office.rules) * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules) * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules) * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules) * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules) * 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules) * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules) * 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules) * 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (os-windows.rules) * 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules) * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (protocol-scada.rules) * 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules) * 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules) * 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules) * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply (protocol-scada.rules) * 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (protocol-scada.rules) * 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (file-other.rules) * 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules) * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:44980 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules) * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules) * 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules) * 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (malware-tools.rules) * 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (app-detect.rules) * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request (protocol-scada.rules) * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules) * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (server-other.rules) * 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules) * 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules) * 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules) * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules) * 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules) * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules) * 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules) * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules) * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (file-image.rules) * 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (exploit-kit.rules) * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules) * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules) * 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (malware-other.rules) * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules) * 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules) * 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules) * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (protocol-scada.rules) * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
