Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-pdf, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (malware-other.rules)
* 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (malware-cnc.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules)
* 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (malware-other.rules)
* 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules)
* 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (malware-cnc.rules)
* 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (malware-other.rules)
* 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (malware-other.rules)
* 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (malware-cnc.rules)
* 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (malware-other.rules)
* 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (malware-other.rules)
* 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules)
* 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (malware-cnc.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (malware-other.rules)
* 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (malware-other.rules)
* 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules)
* 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (malware-cnc.rules)
* 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (malware-other.rules)
* 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (malware-other.rules)
* 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (snort3-browser-ie.rules)
* 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (snort3-malware-other.rules)
* 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (snort3-malware-other.rules)
* 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (snort3-malware-other.rules)
* 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (snort3-malware-cnc.rules)
* 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (snort3-browser-plugins.rules)
* 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (snort3-browser-plugins.rules)
* 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (snort3-browser-plugins.rules)
* 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (snort3-browser-plugins.rules)
* 1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (snort3-malware-other.rules)
* 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (snort3-malware-other.rules)
* 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (snort3-malware-cnc.rules)
* 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (snort3-malware-cnc.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (snort3-browser-ie.rules)
* 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (snort3-file-pdf.rules)
* 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (snort3-malware-other.rules)
* 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (snort3-malware-other.rules)
* 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (snort3-malware-other.rules)
* 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (snort3-malware-other.rules)
* 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (snort3-malware-other.rules)
* 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (snort3-malware-other.rules)
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (snort3-file-pdf.rules)
* 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (snort3-malware-other.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (snort3-malware-cnc.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (snort3-malware-other.rules)
* 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (snort3-malware-other.rules)
* 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
* 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (snort3-malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (malware-cnc.rules)
* 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (malware-other.rules)
* 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules)
* 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (malware-other.rules)
* 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules)
* 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules)
* 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules)
* 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules)
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
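All three lists above use the entry format stated under "The format of the file is:". The Python below is an added example, not part of the Talos update notes or the Snort project: it parses that format, summarizes how many rules each rule group ships ENABLED or DISABLED, and returns the DISABLED gid:sid pairs so an operator can decide which to switch on. The sample lines are entries copied from the Snort 2983 list; splitting the message into a category prefix (BROWSER-IE, MALWARE-CNC, ...) and the remainder is this example's own convention, and the remark about feeding the output to pulledpork's enablesid.conf is the editor's assumption about how it would be used, not something the page says.

```python
import re
from collections import Counter, defaultdict

# Entries copied from the Snort 2983 list on this page, one per line, in the
# format the update notes describe:
#   gid:sid <-> Default rule state <-> Message (rule group)
# The leading "* " is the page's bullet marker; the parser tolerates it.
SAMPLE = """\
* 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules)
* 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules)
* 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules)
* 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
"""

# gid 1 = text rules, gid 3 = shared-object (SO) rules. The category prefix
# (FILE-PDF, MALWARE-CNC, ...) is split off the message here as a parsing
# convenience; in the rule itself it is simply the start of the msg string.
ENTRY_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<category>[A-Z][A-Z0-9-]*)\s+(?P<msg>.*?)\s*\((?P<group>[^)]+)\)\s*$"
)


def parse_entries(text):
    """Parse changelog lines into dicts.

    Returns (entries, rejected): lines that do not match the documented format
    are reported rather than silently dropped, so a format change in a future
    update is noticed instead of producing an empty (and misleading) summary.
    """
    entries, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        d = m.groupdict()
        d["gid"], d["sid"] = int(d["gid"]), int(d["sid"])
        entries.append(d)
    return entries, rejected


def summarize(entries):
    """Count ENABLED/DISABLED rules per rule group: what is on by default."""
    summary = defaultdict(Counter)
    for e in entries:
        summary[e["group"]][e["state"]] += 1
    return {group: dict(counts) for group, counts in summary.items()}


def disabled_sids(entries, categories=None):
    """Return gid:sid strings for rules shipped DISABLED, optionally limited to
    the given categories. These are the rules that give no coverage until an
    operator enables them; the gid:sid lines can go into a rule-management
    tool such as pulledpork's enablesid.conf (assumption, not from the page)."""
    return [
        f"{e['gid']}:{e['sid']}"
        for e in entries
        if e["state"] == "DISABLED"
        and (categories is None or e["category"] in categories)
    ]


if __name__ == "__main__":
    parsed, bad = parse_entries(SAMPLE)
    for group, counts in sorted(summarize(parsed).items()):
        print(f"{group:24s} {counts}")
    print("disabled by default:", disabled_sids(parsed))
    print("disabled client-side:", disabled_sids(parsed, {"BROWSER-IE", "FILE-PDF"}))
    if bad:
        print("unparsed lines:", bad)
```

Run against the full lists, this makes the security-relevant point of the page visible at a glance: the RAT command-and-control rules and the gid 3 shared-object rules for the Cisco products are on by default, while the Internet Explorer onscroll use-after-free, Acrobat CTextWidget, HP Sprinter and Valyria document rules are DISABLED and detect nothing until an operator enables them.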